Privacy Policy

Last update date: 2024-06-04

1. General information

1.1 Introduction

Purpose of this Policy

The protection of privacy is important to Escient Inc. (hereinafter the "Company", "We", "Us", "Our"). For this reason, We have implemented safeguards and sound management practices for Your Personal Information in accordance with applicable laws in Quebec and Canada.

Supplement to Terms and Conditions

This privacy policy (the "Policy"), which should be read in conjunction with Our Terms and Conditions, describes Our practices with respect to the collection, use, processing, disclosure, retention and destruction of Personal Information of persons benefiting from Our Services, visitors to this Website and its users (hereinafter "You", "Your").

Consent

 By using Our website https://escient.ca/, Our Customer Portal at https://escient.cchifirm.ca/clientportal/ and our ATS Platform or any of Our Services, You agree that We may collect, use, disclose, communicate, disclose and retain (hereinafter "Process" or "Processing") Your Personal Information in accordance with the terms described herein. If You do not agree to abide by and be bound by this Policy, You may not visit, access or use Our Website or Services, or share Your Personal Information with Us.

Policy limitations

 This Policy does not apply to Personal Information of the Company's employees, representatives and consultants, or any other person affiliated with the Company, or to any information that does not constitute Personal Information as defined by applicable laws in Quebec and Canada.

1.2 Privacy officer

Contact information for the Privacy Officer

All comments, questions and complaints regarding the Company's Privacy Policy and practices may be addressed to Our Privacy Officer at the following coordinates:

Phone : 450-629-6434 ext 345

Email: renseignementspersonnels@escient.ca

2. Definitions

Definitions of certain notions and expressions.

The following notions and expressions, when they appear with a capitalized first letter in the Policy, have the meaning attributed to them hereinafter, unless otherwise implied or explicit in the text:

"Company", "We", "Us", "Our" : Escient Inc.

"Service Provider" : means any individual or entity that processes Personal Information on behalf of the Company. This includes third-party companies or individuals employed by the Company to facilitate the Services, to provide the Services on behalf of the Company, to perform services related to the Services or to assist the Company in analyzing the use of the Services.

"Cookie Banner" : pop-up window requesting Your consent to certain collection of Your Personal Information on the Website.

"Customer Portal" : The Customer Portal located at https://escient.cchifirm.ca/clientportal/ .

"Personal Information" : means any information that relates to a natural person and allows that person to be identified, i.e., that directly or indirectly reveals something about the identity, characteristics (e.g., abilities, preferences, psychological tendencies, predispositions, mental abilities, character and behaviour of the person concerned) or activities of that person, regardless of the nature of the medium or the form in which the information is accessible (written, graphic, sound, visual, computerized or other).

"Privacy Officer" : also called the "Responsable de la protection des renseignements personnels" is the person in charge of the application of this Policy, whose contact information is identified in section 1.2 - Privacy Officer of this Policy .

"Services": refers to the services offered on the Website and related portal, Our pages on social networks and any programs and services rendered to You therein such as :

• To offer services aimed at optimizing the management of Your business for Our Customers;
• Meet Your financial and organizational performance needs;
• Offer various certification services;
• Offer Our Legal Services;
• Offering tax services;
• Offering human capital management services;
• Managing Our Human Capital;
• Offer various consulting service;
• Provide You with access to Our Portal, which enables You to securely exchange documentation, to access all the documents You send us at any time, to maintain and observe the history of these documents, and to electronically sign Your documents.

"Website" : means this website, https://escient.ca/, and our Customer Portal at https://escient.cchifirm.ca/clientportal/

"Cookies" : are text files that are installed on Your computer or mobile device. These cookies may contain information about Your search history, the web pages You visit and Your web browser.

"Process", "Treatment" : This term covers all operations that may affect or concern personal information, including: collection, use, storage, destruction, communication or transmission.

"You", "Your" : The persons benefiting from Our Services, the visitors to the Website and all users having recourse to the Company's Services.

3. Personal Data Processing

3.1 Collection of Personal Information

3.1.1 Collection methods

Various means

We collect Your Personal Information through Our Website or other technological means in a variety of ways :

• Automatically: When You connect to Our Website, the device You use to connect will communicate Personal Information to Us;
• Electronic forms: By filling in and sending Us one of Our electronic forms;
• Communicated e-mails: By e-mails that You communicate to Us using one of the e-mail addresses available on Our Website;
• Cookies: By cookies, including the cookies identified in Our Cookie Policy; and
• Partners: By third parties who collect Your Personal Information on Our behalf, as identified in section 3.2 - Collection of Personal Information by a Third Party of this Policy.

Profiling and identification

Our Website has features that allow Us to profile Your activities on Our Website and to identify You. These functions are used by third parties identified in section 3.5 - Access, disclosure and transfer of Personal Information through the use of cookies. We disable these functions by default. You can activate them via the Cookies Banner.

3.1.2 Personal information collected

Categories of information collected

In the course of Our activities, We may collect and process various types of Personal Information, including the information listed below:

• identifying information and Your contact details, including Your first and last name, Your postal address and Your e-mail address;
• demographic information, such as Your age or place of residence;
• government identifiers, such as Our Customers' Social Insurance Number (SIN);
• technical or numerical information, including connection information and other information about Your activities on the Website, such as Your IP address, the pages You consulted, the time and date of Your visits, Your number of connections, Your domain name, the address of the referring site (if You access the Website from another site), the type of browser You use, the operating system of Your device and other hardware and software information;
• Your consent to the use of certain cookies on Our Website and to the disclosure or use of Your Personal Information;
• Your signatures exchanged with DocuSign;
• information necessary for the provision of Our Services, such as information concerning the Services We have rendered or are rendering to You;
• information that You choose to provide or transmit to Us, for example, when You fill out an online form, respond to solicitations or surveys, or communicate with one of Our employees or representatives; 
• any Personal Information contained in the documentation You submit to Us via the Customer Portal; and
• financial information, such as bank details.   

Limiting processing to necessary and legitimate purposes

In each case, Personal Information is processed in accordance with the legitimate and necessary purposes listed in section 3.4 - Use of Personal Information below.

3.2 Collection of Personal Information by a Third Party

Third Parties Collecting Personal Information on Our Behalf

Wolters Kluwer collects on Our behalf the Personal Information that You provide to Us through the Customer Portal. The information collected allows Us to provide You with Services through the Customer Portal.

Information collected by Wolters Kluwer

The personal information collected by Wolters Kluwer through the Customer Portal includes, but is not limited to, the following personal information:

• identifying information and Your contact details, including Your first and last name, Your postal address and Your e-mail address;
• government identifiers such as the Social Insurance Number (SIN) of Our Customers (when providing certain Services);
• demographic information, such as Your age or place of residence;
• technical or numerical information, including connection information and other information about Your activities on the Customer Portal, such as Your IP address;
• financial information, such as banking details, tax slips and/or documents, various account statements, invoices, financial statements; and
• any Personal Information contained in the documentation that You submit to Us via the Customer Portal.

Information collected by Folks RH

We receive Your personal information through the ATS Platform from Folks RH.  The personal information collected and communicated by Folks RH is used for hiring purposes, including the evaluation of Your application for Our employment opportunities. For this purpose, Folks RH will provide us with the following information about You:

• identification and contact information;
• demographic information;
• the information on Your Curriculum Vitae; and
• Any other information that You decide to communicate to Us as part of Your Application.

For more information, please refer to the policy of Folks RH: https://folksrh.com/en/privacy-policy/ .

Information collected by DocuSign

We use the services of DocuSign to collect Your signatures for authentication purposes and to offer You Our Services. For more information, please see DocuSign's Privacy Policy;

3.3 Refuse collection

Withdrawing consent

Unless the Law or Your contractual obligations provide otherwise, You may refuse or withdraw Your consent to certain specific uses or disclosures of Your Personal Information:

• by not entering Your Personal Information in Our electronic or paper forms when the provision of such information is indicated as being optional;
• by selecting "decline" or "refuse" in the Cookie Banner; or
• by sending a request to Our Privacy Officer at the coordinates identified in section 1.2 - Privacy Officer of this policy.

Measures offered to refuse means of collecting Personal Information

You may also provide Us with Your Personal Information by means other than through technological means such as Our Website or Our Customer Portal. You may provide Us with the following:

• By telephone; or
• In person.

3.4 Use of Personal Information

Purposes of Personal Information

We may use Your Personal Information for the purposes described below:

• operate, maintain, supervise, develop, improve and offer the functionalities of Our Website;
• authenticate yourself;
• introduce You to and provide Our Services, including :
  • to offer services aimed at optimizing the management of Your business;
  • meet your financial and organizational performance needs;
  • offer various certification services and accounting services including compilation, review, assignments, bookkeeping, payroll management, training for your staff;;
  • offer Our Legal Services;
  • offering tax services;
  • providing human capital management services;
  • managing Our Human Capital;
  • offer various consulting services.
• evaluate a job application;
• perform Our contractual obligations to You;
• manage invoicing and process payments;
• handle and resolve complaints and dissatisfactions;
• develop, improve and offer new Services;
• sending You messages, emails, updates and security alerts identifying activities on the Customer Portal;
• for marketing and business development purposes, if You have previously consented to the processing of Your Personal Information for these purposes;
• answer Your questions and provide You with assistance if needed;
• conduct research, analysis and statistics related to Our Company and Our Services;
• detect and prevent fraud, errors, spam, abuse, security incidents and other harmful activities; or
• for any other purpose imposed or permitted by applicable law.

3.5 Access, disclosure and transfer of Personal Information

Access and Disclosure

We may transfer, disclose or provide access to Your Personal Information to Our employees and Service Providers who need to know that information in order to operate Our Website, perform Our Services, conduct Our business or serve You.

3.5.1  Acces to Personnel Information Within the Company

Limiting access to Personal Information

 Your Personal Information is only accessible to Our directors, employees or representatives who require access to Your Personal Information in order to perform their duties. As such, Your Information may be accessible to:

• Our Privacy Officer;
• Our IT services ("Information Technology");
• Our customer service;
• Our accounting and legal professionals;
• Our billing services;
• Our advertising services;
• Our human resources (if applying for a job); and to
• Our messengers (e.g. for delivering documents to sign).

3.5.2 Disclosure of Personal Information

Safeguards for disclosure to third parties

We will only disclose Your Personal Information to Our Service Providers if they have previously agreed to maintain the confidentiality of Your Personal Information in accordance with applicable laws and Our Information Governance Program through the implementation of various safeguards and information governance measures. These measures are proportionate to the sensitivity of the Personal Information processed or communicated. Without limitation, Our Service Providers may only use Your Personal Information in a confidential manner in accordance with Our instructions and only for the purposes for which it was provided. Furthermore, We only provide Our Service Providers with the Personal Information that is necessary for the performance of their mandate or contract, and We require such Service Providers to destroy the Personal Information in an appropriate manner upon termination of the contract or as soon as its use is no longer necessary. 

Our Service Providers

Although We try to avoid sharing Your Personal Information with third parties, We may use Service Providers to perform various services on Our behalf, such as IT management and security, marketing, and data analysis, hosting and storage. We have defined below certain cases in which such sharing may take place:

• We use the Google Analytics Cookie to analyze website traffic and compile statistics. For more information, see Google's privacy policy and their table of cookies for advertising and measurement purposes;

Please note that this Cookie may collect Personal Information that can localize You and profile Your web activities.

This Cookie communicates to Google for the purposes identified in Our Cookie Policy.

• We use the services of Meta (Facebook Pixel) to enable us to understand and serve ads, compile statistics and converse with customers and prospects. For more information, see Meta's privacy policy.

Please note that this Cookie can identify You and profile Your web activities in order to provide You with advertising tailored to Your interests (targeted advertising).

This Cookie communicates to Meta for the purposes identified in Our Cookie Policy;

• We use the Meta group's Facebook social networking services to communicate about Our Services. For more information, see Meta's privacy policy;
• We use the services of the LinkedIn social network to advertise Our Services and for recruitment purposes. For more information, please consult LinkedIn's privacy policy;
• We use Indeed's services to converse with You and with candidates or prospects for recruitment purposes. For more information, please consult Indeed's privacy policy;
• We use Wolters Kluwer Services to manage and maintain the Customer Portal. The information collected allows Us to provide You with Services through the Customer Portal;
• We use DocuSign Services to securely communicate with You and receive Your signatures for authentication purposes and in order to offer You Our Services. For more information, please consult DocuSign's privacy policy;
• We use Lima Charlie Services to host Your personal information;
• We use Microsoft services (Outlook and the Microsoft Office suite) to store Our documents and e-mails. For more information, see Microsoft's privacy statement;
• All categories of Personal Information identified in section 3.1 - Collection of Personal Information may be communicated or stored through this service;
• We use Metatracer on Our digital systems to facilitate the detection and management of Your Personal Information and that of Our employees, all to ensure Our compliance with privacy laws.

Metatracer collects, as Personal Information, only identifying information.

3.5.3 Communication outside the province of Quebec

Disclosure of Personal Information outside Quebec

We may disclose Your Personal Information outside Quebec.

Safeguards when communicating outside Quebec

Before disclosing Your Personal Information to third parties outside Quebec, We conduct a privacy impact assessment to evaluate the risks that may affect the security of Your Personal Information. This assessment also identifies appropriate security measures to reduce or eliminate these risks. The communication will then be subject to a written agreement binding these third parties to respect such measures.

3.5.4 Compliance with legislation, responding to legal request, preventing harm and protecting Our rights

Specific disclosures of Your Personal Information

We may disclose Your Personal Information when We believe that such disclosure is authorized, necessary or appropriate, including:

• to respond to requests from public and governmental authorities, including public and governmental authorities outside Your country of residence;
• to protect Our business;
• to comply with legal proceedings;
• to protect Our rights, the privacy of Our employees, officers and directors, Our security and Our property;
• to protect Your privacy and Your rights, or the privacy and rights of third parties;
• to enable Us to pursue available remedies or limit the damages We may suffer; and
• when it is compliant or mandatory according to applicable laws, including laws outside Your country of residence.

3.5.5 Commercial Transaction

Possibility of commercial transactions

We may share, transfer or communicate, in strict compliance with this Policy and the provisions of the Act respecting the protection of personal information in the private sector, RLRQ c P-39.1 (the "Private Sector Act") and the Act to modernize legislative provisions respecting the protection of personal information, LQ 2021, c 25 (the "Act 25", assented to on September 22, 2021), Your Personal Information in the event of a sale, transfer or assignment, in whole or in part, of the Organization or Our assets (for example, as a result of a merger, consolidation, change of control, reorganization, bankruptcy, liquidation or any other business transaction, including in connection with the negotiation of such transactions). In such a case, We will inform You before Your Personal Information is transferred and is governed by another privacy policy.

3.6 Consent

Consent for Collection, Use or Disclosure of Personal Information

Unless otherwise required by law, the Company obtains Your consent to the collection, use and disclosure of its Personal Information. However, if You provide Us with Personal Information about other persons, You must ensure that You have duly notified them that You are providing Us with their information in addition to obtaining their consent to such disclosure.

Consent requirements

We will seek Your manifest, free, informed and purposeful consent before using or disclosing Your Personal Information for purposes other than those set out herein. We will also seek Your express consent whenever sensitive Personal Information is involved in any of the Company's processing activities. We will ask for Your consent for each specific purpose in clear and simple terms, separate from any other information provided to You.

BY USING OUR WEB SITES, TRANSMITTING YOUR PERSONAL INFORMATION BY E-MAIL OR USING AN ONLINE FORM, YOU CONSENT TO THIS PRIVACY POLICY AND TO THE COLLECTION AND PROCESSING OF YOUR PERSONAL INFORMATION IN ACCORDANCE WITH THE PRIVACY POLICY.

Refusal to use the Website and the Customer Portal

If You do not consent, please stop using the Websites. Except where otherwise provided by law, You may withdraw Your consent at any time upon reasonable notice. Please note that if You choose to withdraw Your consent to the collection, use or disclosure of Your Personal Information, certain features of Our Website may no longer be available to You or We may no longer be able to offer You some of Our services.

3.7 Retention of Personal Information

Retention of Personal Information

Subject to applicable laws, We retain Your Personal Information only for as long as is necessary to fulfill the purposes for which it was collected, unless You consent to Your Personal Information being used or processed for another purpose.

Additional information

To obtain more information about the periods during which Your Personal Information is kept, please contact Our Privacy Officer using the contact details provided in article 1.2 - Privacy Officer of this Policy.

4. Your rights

List of rights

As a data subject, You may exercise the rights set out below by contacting Our Privacy Officer in writing at the contact information provided in Article 1.2 - Privacy Officer of the Policy. Please note that We may ask You to verify Your identity before responding to any of these requests:

• You have the right to be informed of the Personal Information We hold about You, its use, disclosure, retention and destruction, subject to exceptions provided by applicable law;
• You have the right to access Your Personal Information, to request a copy of the documents containing Your Personal Information, subject to the exceptions provided by applicable law, and to obtain, if applicable, additional details on how We use, communicate, store and destroy it by communicating a written request to Our Privacy Officer at the coordinates identified in section 1.2 - Privacy Officer of this Policy;
• You have the right to have the Personal Information We hold about You rectified, amended and updated if it is incomplete, equivocal, out of date or inaccurate by sending a written request to Our Privacy Officer at the contact information identified in section 1.2 - Privacy Officer of this Policy;
• You have the right to withdraw or modify Your consent to the collection, use and communication of certain of Your Personal Information collected (as identified in section 3.1 - Collection of Personal Information of this Policy) at any time, subject to applicable legal and contractual restrictions;
• You have the right to ask Us to stop disseminating Your Personal Information and to de-index any hyperlink attached to Your name which gives access to this information if such dissemination contravenes the law or a court order;
• You have the right to request that Your Personal Information be communicated to You or transferred to another organization in a structured and commonly used technological format;
• The right to be informed of any confidentiality incident concerning Your Personal Information that could cause You serious harm. To this end, we maintain a register of all confidentiality incidents and assess the harm they may cause; and
• You have the right to file a complaint to the Commission d'accès à l'information, subject to the conditions set out by applicable law.

5. Questions and complaints

Complaint Process

You may address any complaints regarding Our practices and policies for the protection of Your Personal Information by contacting Our Privacy Officer using the contact information identified in section 1.2 - Privacy Officer of this Policy.

Questions

You may also contact Our Privacy Officer with any questions regarding this Privacy Policy using the contact information identified in section 1.2 - Privacy Officer of this Policy.

Identification

In order to process Your request, You may be asked to provide an appropriate identification document or to identify Yourself in some other way.

6. Cookies and similar technologies

Use of cookies

Cookies are small text files that are stored on Your device or browser. They make it possible to collect certain information when You visit the Website, including Your preferred language, the type and version of Your browser, the type of device You are using and Your device's unique identifier. While some cookies are deleted after Your browser session ends, other cookies are retained on Your device or browser to enable Your browser to be recognized the next time You visit the Website.  We use cookies and other similar collection technologies such as pixels (collectively "Cookies") to help Us operate, protect and optimize the Website and the Services We offer.

Certain uses of Cookies

While some of the Cookies We use are deleted after Your browser session ends, other Cookies are retained on Your device or browser to enable Us to recognize Your browser the next time You visit the Website. In particular, they enable Us to guarantee the operation of the Website, to improve the user's browsing experience and to provide certain data that enables Us to better understand the traffic and interactions that take place on Our Website, as well as to detect certain types of fraud. Cookies do not damage Your device and cannot be used to retrieve Your Personal Information.

Possible browser settings

You can set Your browser to notify You when Cookies are set on Your visit to the Website, so that You can decide in each case whether to accept or reject the use of some or all Cookies. Please note that disabling Cookies on Your browser may adversely affect Your browsing experience on the Website and prevent You from using some of its features.

Cookie policies

To learn more about how We use Cookies, You may consult Our "Cookie Policy".

7. Safety measures

Objectives of Our Security Measures

We have implemented physical, technological and organizational security measures to adequately protect the confidentiality and security of Your Personal Information against loss, theft or any unauthorized access, infringement, disclosure, reproduction, communication, use or modification. These measures include :

Administrative measures

On the administrative front, the adoption of a series of measures, policies and procedures as part of the implementation of our Information Governance program, including :

• govern the access, communication, retention, de-identification, destruction or anonymization of Personal Information;
• determine the roles and responsibilities of Our employees throughout the life cycle of Personal Information and documents;
• establish procedures for intervention and response in the event of a confidentiality incident;
• govern the process for requests and complaints relating to the protection and handling of Personal Information.

Technical measures

 On a technical level, the use of several means such as :

• the use of a secure server and Secure Socket Layer (SSL) technology;
• the use of a VPN; and
• use of a firewall system.

Incomplete list of measures

Given the public nature of this Policy, We have not provided an exhaustive list of the measures we are implementing.

Impossibility of guaranteeing a complete absence of risk

Despite the measures described above, We cannot guarantee the absolute security of Your Personal Information. If You have reason to believe that Your Personal Information is no longer secure, please contact Our Privacy Officer immediately using the contact details set out in section 1.2 - Privacy Officer of this Policy.

8. Changes to this Privacy Policy

Right to change this Policy

We reserve the right to modify this Policy at any time in accordance with applicable law. In the event of a change, We will post the revised version of the Privacy Policy and update the update date in the footer of the Privacy Policy. We will notify You reasonably; prior to the effective date of the new version of Our Policy. If You do not agree to the new terms of the Privacy Policy, please do not continue to use Our Website and Services. If You continue to use Our Web Site or Services after the new version of Our Policy becomes effective, Your use of Our Web Site and Services will be governed by the new version of the Policy.

9. Links to third-party websites

Responsibility for Third Party Websites

From time to time, We may include on Our Website references or links to websites, products or services provided by third parties ("Third Party Services"). These Third Party Services, which are not operated or controlled by the Company, are governed by privacy policies that are entirely separate and independent from ours. We therefore assume no responsibility for the content and activities of these sites. This Policy applies only to the Website and the Services We offer.

10. Individuals under 14 years of age

Consent of minors under 14

If You are under 14 years of age, You must not provide Us with Your Personal Information without the consent of Your parent or guardian. If You are a parent or guardian and You become aware that Your child has provided Us with Personal Information without consent, please contact Us using the contact details set out in section 1.2 - Privacy Officer of this Policy to request that We delete that child's Personal Information from Our systems.

11. Applicable laws

Canada and Quebec laws

The laws of Canada and Quebec, excluding its conflict of law rules, will govern this agreement and Your use of the Website. Your use of the Website may also be subject to other local, provincial, national or international laws.