Privacy Policy | InfoSec

1. Introduction

InfoSec Sécurité de l'information Inc. ("InfoSec", "we", "our") is committed to protecting the privacy and security of your personal information. This privacy policy explains how we collect, use, disclose, and protect your personal information in compliance with Quebec's Act 25 respecting the protection of personal information in the private sector (Law 25) and the General Data Protection Regulation (GDPR).

2. Data Controller

InfoSec Sécurité de l'information Inc.
585, boulevard Charest Est, Local 900
Quebec City, QC G1K 3J2, Canada
Phone: +1-418-476-3180
Email: info@infosecurite.com

3. Information We Collect

3.1 Information Provided Directly

First and last name
Email address
Phone number
Messages and communications you send us
Organization name and role (maturity assessment)
Cybersecurity assessment questionnaire responses

3.2 Information Collected Automatically

IP address (for security and fraud prevention)
Submission timestamp
Page URL visited
Referrer page
Screen resolution and timezone
Browser language and user agent
CSRF security tokens
Session metadata for security

4. Purposes of Processing

We use your personal information to:

Provide our services: Respond to your inquiries, provide cybersecurity consulting
Assessment and analysis: Analyze your maturity assessment responses using artificial intelligence to generate a personalized report with recommendations
Communication: Contact you regarding our services, answer your questions, send reports and newsletters you have subscribed to
Improvement: Analyze website usage to improve our services (with your consent)
Legal compliance: Meet our legal and regulatory obligations
Security: Protect our website against threats and fraud

5. Legal Basis for Processing (GDPR)

Legal Basis	Application
Consent — Art. 6(1)(a)	Marketing communications
Contract performance — Art. 6(1)(b)	Providing our services
Legitimate interests — Art. 6(1)(f)	Security and service improvement
Legal obligation — Art. 6(1)(c)	Compliance with legal requirements

6. Information Sharing

We never sell your personal information. We may share it only in the following cases:

Email service provider: For sending transactional emails and newsletters
Artificial intelligence service provider: For analyzing your assessment responses and generating personalized reports
Web analytics provider: To understand how our site is used (anonymized data, with your consent only)
Legal obligations: When required by law or court order
Rights protection: To protect our rights, property, or safety

All our service providers are bound by confidentiality agreements and may only use your data for the purposes for which it is transmitted to them.

7. Data Security

We implement appropriate technical and organizational security measures to protect your personal information:

Data encryption in transit and at rest
Restricted access to personal information
Staff training on data protection
Security incident monitoring and detection
Regular secure backups

8. Data Retention

We retain your personal information only as long as necessary:

Data Type	Retention Period
Contact data	7 years after last interaction
Technical data and security metadata	Maximum 90 days
CSRF security tokens	Maximum 15 minutes
Maturity assessment data	2 years after submission
Communications	3 years after end of business relationship

9. Your Rights

In accordance with Law 25 and GDPR, you have the following rights:

Right of access: Know what information we hold about you
Right of rectification: Correct inaccurate information
Right of erasure: Request deletion of your data
Right to data portability: Retrieve your data in a structured format
Right to object: Object to certain processing
Right to restriction: Limit the processing of your data
Right to withdraw consent: Withdraw your consent at any time

To exercise these rights, contact us at: privacy@infosecurite.com

10. International Transfers

Your personal information is primarily stored in Canada. Some of our service providers may process data in Europe or the United States. In all cases, we ensure appropriate safeguards are in place in accordance with Law 25 to protect your data, including contractual clauses and privacy impact assessments.

11. Cookies and Similar Technologies

Type	Description	Consent
Essential cookies	Necessary for website functionality (theme, language, security tokens)	Not required
Analytics cookies	Privacy-respecting analytics, no personally identifiable information collected	Explicit consent

A consent banner is displayed on your first visit. You can change your choice at any time via the "Cookie settings" link in the website footer.

12. Changes to This Policy

We may update this privacy policy occasionally. Significant changes will be communicated via our website. We encourage you to review this page regularly.

13. Contact and Complaints

For any questions about this policy or to exercise your rights:

Person Responsible for the Protection of Personal Information
Mario Bouchard, President
InfoSec Sécurité de l'information Inc.
Email: privacy@infosecurite.com
Phone: +1-418-476-3180

You also have the right to lodge a complaint with data protection authorities:

Quebec: Commission d'accès à l'information du Québec (CAI)
Europe: Competent supervisory authority in your country of residence