Latest update: November 28th 2022
This Policy describes our practices when collecting and processing your personal data. We have included information about how we protect your privacy and about your rights regarding your personal data. Please don’t hesitate to contact our Privacy Officer or our Data Protection Officer if you live in the EU for any questions, comments, or concerns you may have:
1100, boul. Robert-Bourassa, Suite 400
Montreal (Quebec) H3B 3A5
1100, boul. Robert-Bourassa, Suite 400
Montreal (Quebec) H3B 3A5
Data Protection Officer
Cours Valmy – Le Belvédère
1-7 cours Valmy, 92800 Puteaux
Cours Valmy – Le Belvédère
1-7 cours Valmy, 92800 Puteaux
You can click the following links to quickly access the specific information you are looking for:
- What is personal data?
- What personal data do we collect about you and why?
- Will we contact you and how can you change this?
- When do we share your personal data with others and why?
- Where do we store your personal data?
- How do we protect your personal data?
- How long do we keep your personal data?
- How can you exercise your personal data rights?
1. What is Personal Data?
When we talk about “personal data” in this Policy, we mean any information which could be used to identify you, either directly or indirectly. For example, it includes any information which is not personal on its own, but which becomes personal data when associated with other information that allows us to identify you indirectly.
The definition of personal data may vary from one jurisdiction to another, and as such, may be protected in a different way under applicable Privacy laws. Therefore, you may not have the same rights regarding this personal data depending on where you reside.
It also applies when you communicate with us, when you apply for a career opportunity, or when you sign up to receive the Alithya newsletter.
We also process various types of personal data for the purposes of delivering our products and services to our clients and to you, the users. We support our clients and their users with the use of artificial intelligence and machine learning to deliver our digital application development, business strategy, enterprise solutions and data & analytics services. If you live in the EU, we thus act as a data processor and process the personal data of users according to the instructions of our clients, the data controllers. In this case, our clients are responsible for determining which lawful basis allows them to collect and process your personal data and, if applicable, to obtain your consent. If you have any questions relating to the collection and processing of your personal data by one of our clients, please contact them directly.
4. What personal data do we collect about you and why?
We collect personal data directly from you when you visit our website, inquire about our products and services and submit your personal data for a career opportunity. In that case, under the General Data Protection Regulation (GDPR), we act as a data controller, and we process your personal data either with your consent or under other legal basis for processing. Each time consent is the legal basis, you can withdraw your consent at any time. Click here to learn more on your data rights.
- Marketing Data
Examples: name, email address, company name, business address, telephone number, preferences, and social media engagement.
When you visit our website, a cookie consent banner will prompt you to consent to our use of “preference,” “analytical” and “advertising” cookies. We have applied the privacy-by-default principle; these cookies will be blocked unless you provide us with an affirmative action to allow these cookies. Essential cookies are required for the proper functioning of our website and cannot be blocked.
If you consent to our use of advertising cookies, we collect and process Marketing Data to promote our products and services and to provide you with personalized and tailored advertising based on your preferences.
Based on your affirmative action to consent, we will also send you our newsletters and promotional emails to:
- notify you of other Alithya products and services we think you might be interested in;
- inform you of special events relating to Alithya;
- provide you with industry information related to Microsoft’s ERP, CRM, Business Intelligence, LinkedIn Sales Navigator Services and Alithya’s Digital products; and
- communicate our corporate activities and financial results to the financial community, investors, journalists and industry analysts.
You can also choose to participate in our various webinars and web conferences. To do so, you must register your name, email and your company name (or employer). We use a service provider, Digicast, to support the delivery of our webinars and web conferences. We will use your contact information to follow up with you, either by email or by telephone.
Under the GDPR, we process this information based on your consent. You may withdraw your consent at any time or unsubscribe directly in the emails by visiting our Cookies Preferences Centre or by contacting us at email@example.com. We process your personal data for our legitimate interests to ensure the proper functioning of our website.
- Usage Information and Technical Log Data
Examples: Technical logs, IP address, browser type and configuration, operating system, number of visitors, pages viewed, length of visits, geographical location, language preferences and device information.
When you visit our website, we collect usage information and technical log data in the form of personal data, anonymous data and aggregated data through the use of essential cookies. We collect this information to allow us to monitor and secure our website and to understand traffic patterns within our website. This information allows Alithya to ensure the content is presented efficiently and to optimize and improve our products and services when necessary.
Under the GDPR, we process this information based on our legitimate interests to maintain the security of our website and to tailor its content to meet your needs.
- Job Application Data
Examples: Education, professional experiences, contact information, professional memberships, certifications, employment history
If you apply for one of our job opportunities, we will collect and process the personal data you share with us, including your resume and any other attachments and content. This information allows Alithya to process employment applications and make recruitment decisions. Should your application be selected for a job offer, we will collect and use your credit score and criminal background check from our service provider.
Under the GDPR, we process this information based on your consent to provide us with your personal data.
- Communication Data
Examples: Contact information, message content
If you communicate with us by email, through social media, our website chat service, our investor relations or otherwise, we will collect the personal data you share with us to respond to your communication.
We use third-party service providers to operate our chat function on our website. If not answered through the chatbot, your questions will be directed to the appropriate Alithya team member, who will respond to your request in a timely manner.
As a public company trading on TSX and NASDAQ, Alithya activates its investor relations communications to share financial and corporate-related information about Alithya with the financial community, investors, shareholders, media outlets, industry analysts as well as other interested parties.
Under the GDPR, we process this information based on performing a contract with you or with your consent, where applicable.
- Client Data
When we act as a service provider, we process various types of personal data for the purposes of delivering our products and services to our clients and to you, the users. We support our clients and their users with the development of digital applications, control and software engineering, cybersecurity, the modernization of legacy systems and the development of cloud infrastructures. When appropriate, we use artificial intelligence and machine learning technologies. We also offer managed services and client portals for Microsoft Dynamics clients, Canadian clients in the energy sector as well as Oracle Cloud, ERP, EPM, and HCM clients.
In this respect, under the General Data Protection Regulation (GDPR), we act as a data processor.
Our clients are located in Canada, Europe and the United States. They operate in the financial, investment/insurance, manufacturing, retail/distribution, telecommunications, transportation, professional services, healthcare, and government sectors.
We process such personal data in accordance with the instructions of our clients, who are responsible for determining which lawful basis allows them to collect and process your personal data and to obtain your consent when applicable under various Privacy laws.
You will find below the categories of personal data we may process on behalf of our clients.
- Contact Data: name, physical address, email, telephone number
- Identification Data: background verification, driver’s license, passport number, account number, policy number, utility bill account number
- Financial Data: credit card number, bank account, loans and mortgages, investments, payment information
- Preferences Data: language, purchase history, feedback, online searches
- Employment Data: resume, education history, employment history, recognitions and special awards, professional memberships, certifications
- Special Categories Data: ethnic origin
- Health Data: medication prescriptions, doctors’ names, frequency of appointments to medical clinics, medical records
Under the GDPR, we process this information based on performing a contract with our clients and according to our clients’ instructions, which are outlined in our contractual agreements.
5. Will we contact you and how can you change this?
If you sign up to receive our newsletters, we will send you information and insights about our new products and services, exclusive offers and events or other interesting matters that we think might interest you.
Topics may include Microsoft ERP, CRM, business intelligence, LinkedIn services, Alithya’s digital products as well as our financial and corporate information.
You can ask us to stop contacting you at any time by using the unsubscribe option in each email or by contacting us at firstname.lastname@example.org.
7. Where do we store your personal data?
As a global company operating in multiple jurisdictions, we store your personal data in our data centers as well as in our cloud environments, which are located in the United States, in Canada, and in the EU. As such, Alithya’s operations in the EU process and store the data of EU residents in accordance with GDPR and client requirements.
In some circumstances, and unless prohibited by law or contracts with our clients, we may work with service providers located in the United States to assist us with the delivery of our products and services.
If you would like more information about our policies and practices regarding the processing of personal data outside of Canada, United States and Europe, please send us an email at email@example.com.
8. How do we protect your personal data?
Information Security is at the core of our business. We strive to adopt reasonable physical, technical and organizational security measures to help safeguard your personal data against loss or theft, unauthorized access, disclosure, copying, use, or modification.
For instance, we have achieved a SOC certification and some of our projects have obtained an ISO 27001 certification. We require the same level of security of third parties that process your personal data on our behalf. We conduct thorough background checks before onboarding new employees and inform them of the importance of privacy protection.
Unfortunately, there exist many cyber threats; we therefore cannot guarantee that our safeguards will always be effective.
9. How long do we keep your personal data?
We keep the personal data we collect and process for as long as it is necessary to fulfill the purpose for which it was collected. We generally keep your personal data for as long as necessary to provide you with our products and services or as required by law, whichever is longer. Finally, we keep personal data processed on behalf of our clients for as long as it is required as per our clients’ instructions and delete and destroy the personal data once the purposes of collection have been achieved.
10. How can you exercise your personal data rights?
You have rights when it comes to your personal data. However, these rights may vary depending on where you are located. These rights generally include the right to access and correct your personal data, as well as the right to withdraw your consent.
Under the GDPR, you have additional rights, such as the right to object to the processing of your personal data, the right to data portability and the right to restrict the processing of your personal data in certain circumstances. In the EU, you also have the right to define guidelines regarding your personal information after your death.
Our Privacy Officer and/or Data Protection Officer can answer your questions regarding how we process your personal data. They can also help you exercise your data rights; please reach out to us.
Once we receive your request, we’ll get back to you within 30 days. For security reasons and to avoid fraudulent requests, we will ask you for a proof of identity; this said, we won’t use this information for any other purposes. Keep in mind that there might be legal or other circumstances that prevent us from granting your request. If so, we will provide you with detailed explanations.
The Office of the Privacy Commissioner of Canada (OPC) has published a number of resources to help you understand your data rights and how to take action. For more information, you can contact the Office of the Privacy Commissioner of Canada’s Information Center here.
If you live in Quebec, you can also read about your privacy rights on the Commission d’accès à l’information du Québec (Commission) website or reach them here.
If you are located in the EU and you want to learn more about your rights, each EU country has set up national bodies responsible for protecting personal data in accordance with the GDPR. You can consult this link here to access your country’s privacy protection office. You can find information on your EU privacy rights published by the Information Commissioner’s Office (ICO) of the United Kingdom here, and by France’s Commission Nationale de l’Informatique et des Libertés here.
If you’re not satisfied with how we process your request, you can lodge a complaint with the OPC by filling out this form; with the Commission by filling out this form; with the ICO here, and with the CNIL here.