Privacy Policy

1. Introduction

Vision Sécurité Inc. ("Vision Sécurité," "we," "us," or "our") protects the privacy of our clients, website visitors, employees and business partners. This Privacy Policy explains how we collect, use, share, store and protect personal information.

We follow Quebec's Act respecting the protection of personal information in the private sector(as updated by Law 25) and Canada's Personal Information Protection and Electronic Documents Act (PIPEDA). Where useful, we also apply best practices from the European Union's GDPR.

This Policy covers personal information handled through our websites, security services, business operations and offline interactions. Our goal is simple: you should know what we collect, why, and what rights you have.

2. Personal Information We Collect

We collect only the personal information necessary to deliver professional security services and maintain our business operations. The types of information we collect depend on your relationship with us and include:

Identity and Contact Information

Names, job titles, business and home addresses, phone numbers and email addresses. This applies to clients, employees, job candidates, emergency contacts and business partners. We use it to communicate, deliver contracts and maintain professional relationships.

Client and Service-Related Data

To deliver tailored security, we gather site details: property layouts, access instructions, alarm codes, emergency contacts and standard procedures. Our officers need this information to do the job and respond to incidents.

Operational and Security Data

During patrols and incident response we create patrol logs, time-stamped reports, photos or video, access records and visitor logs. We may keep this data to support insurance claims or legal proceedings.

HR and Employment Information

For current employees and job candidates, we collect:

• Resumes and applications
• Copies of BSP (Bureau de la sécurité privée) licenses and professional certifications
• Work schedules and time records
• Performance evaluations
• Training completion records
• Payroll and benefits information
• Background check results where permitted by law

Website and Technical Data

When you visit our website, we automatically collect certain technical information including:

• IP addresses
• Device type and browser information
• Pages viewed and time spent on each page
• Referral sources (how you found our site)
• Cookie preferences
• Approximate geographic location based on IP address when enabled by your device settings

Marketing and Communications

We maintain records of:

• Your consent preferences for marketing communications
• Event registrations and attendance
• Feedback and survey responses
• Correspondence history with our sales and customer support teams

3. How We Collect Information

We collect personal information through multiple channels to serve you effectively:

Direct Interactions

Most personal information comes directly from you when you:

• Complete online or paper forms
• Sign service contracts or employment agreements
• Communicate with us via email or telephone
• Meet with our representatives in person
• Subscribe to our newsletters or event invitations
• Apply for employment positions

Service Delivery Activities

Our security personnel collect information during:

• Patrol activities
• Incident response and documentation
• Video surveillance or photographic documentation conducted as part of authorized security operations
• Access control monitoring at client sites

Third-Party Sources

Sometimes business clients or property managers share information about their premises, tenants or staff so we can deliver our services. We also use public sources and government licensing bodies — like the Bureau de la sécurité privée (BSP) — to verify credentials.

Automated Technologies

Our website uses cookies, web beacons, and similar technologies to collect usage information. We explain these technologies in detail in Section 10 below.

Service Providers

Trusted third-party providers help with parts of our operations under strict confidentiality agreements. They may collect information on our behalf — for example, background-check agencies, payroll processors and IT providers.

4. Purposes and Legal Bases for Processing

We process personal information only for specific, legitimate purposes and rely on appropriate legal bases as required by privacy law:

Service Delivery

Our primary purpose is to provide contracted security services including:

• Site assessments and risk evaluations
• Deployment and management of security personnel
• Patrol services and perimeter monitoring
• Incident response and emergency coordination
• Reporting and client communications
• Invoice processing and account management

The legal basis for this processing is the performance of our contractual obligations to clients and the legitimate interests in delivering quality services.

Legal and Regulatory Compliance

We process personal information to comply with:

• Licensing requirements under Quebec's Private Security Act
• Employment standards and labor law obligations
• Tax reporting and remittance
• Workplace health and safety regulations
• Incident reporting as mandated by law or client contracts
• Responses to lawful requests from law enforcement or regulatory authorities

The legal basis for this processing is compliance with legal obligations.

Business Operations

To maintain and improve our operations, we use personal information for:

• Quality assurance and service improvement
• Employee training and performance management
• Scheduling and resource allocation
• Billing, accounting, and financial audits
• Cybersecurity and information security measures
• Business continuity planning

The legal basis is our legitimate business interests balanced against your privacy rights.

Business Development and Marketing

We process personal information for:

• Sales and business development activities
• Proposal and bid preparation
• Customer support and relationship management
• Marketing communications where you have provided appropriate consent

For marketing purposes, we rely on your explicit consent, which you may withdraw at any time.

Protection of Vital Interests

In emergency situations, we may process personal information to protect the vital interests of individuals, such as contacting emergency services or providing critical information to first responders.

5. Consent

We obtain free, informed, and specific consent where required by law, particularly for:

• Marketing communications
• Non-essential website cookies and tracking technologies
• Certain disclosures of personal information beyond what is necessary for service delivery

Your Right to Withdraw Consent

You may withdraw your consent at any time by contacting our Privacy Officer. Please note that withdrawing consent may affect our ability to provide certain services or communications. For example, if you withdraw consent for marketing emails, you will no longer receive promotional offers, though we will continue to send transactional communications related to your account or services.

Consent for Minors

We do not knowingly collect personal information directly from children under 14 years of age without obtaining consent from a parent or legal guardian, unless specifically permitted by applicable law. If we become aware that we have inadvertently collected such information, we will take steps to delete it promptly.

6. Sharing and Disclosure

We do not sell personal information under any circumstances. We may share personal information with the following categories of recipients under appropriate safeguards:

Service Providers and Contractors

We engage trusted third-party service providers who assist our operations under strict confidentiality commitments, including:

• IT and cloud infrastructure providers
• Background check and verification services
• Payroll and benefits processors
• Professional training and certification organizations
• Emergency dispatch and coordination services

These providers are contractually obligated to protect personal information and use it only for the specific purposes we authorize.

Professional Advisors

We share necessary information with:

• Legal counsel
• Accountants and auditors
• Insurance providers and brokers

Law Enforcement and Regulatory Authorities

We disclose personal information to:

• Police, law enforcement agencies, and public safety officials
• Regulatory bodies including the Bureau de la sécurité privée and the Commission d'accès à l'information
• Courts and tribunals
• Other public authorities when required or permitted by law

Corporate Transactions

In connection with a merger, acquisition, sale of assets, or similar corporate transaction, personal information may be transferred to another organization. We will ensure appropriate confidentiality safeguards are in place and, where required, provide notice and obtain consent for such transfers.

7. Individual Rights

Subject to applicable legal requirements and exceptions, you have the following rights regarding your personal information:

8. Security Measures

We implement comprehensive technical, administrative, and physical safeguards proportionate to the risks associated with processing personal information:

Technical Safeguards

Our security measures include:

• Encryption of data in transit and at rest where applicable using industry-standard protocols
• Multi-factor authentication systems for access to sensitive systems
• Role-based access controls ensuring employees access only information necessary for their roles
• Secure system configuration with regular security updates and patches
• Intrusion detection and prevention systems
• Regular vulnerability assessments and penetration testing
• Secure backup and disaster recovery procedures

Administrative Safeguards

We maintain strict internal controls including:

• Role-based permission structures
• Confidentiality and non-disclosure agreements for all personnel with access to personal information
• Regular privacy and security training for employees
• Vendor security assessments and ongoing monitoring of third-party practices
• Incident response plans and breach notification procedures
• Regular privacy impact assessments for new projects

Physical Safeguards

Our physical security measures include:

• Secured office facilities with controlled access and visitor management
• Locked storage for physical documents containing personal information
• Secure destruction procedures including cross-cut shredding for paper documents and certified electronic data wiping for digital media
• Restricted access to server rooms and data storage facilities

9. Retention and Destruction

We retain personal information only as long as necessary to fulfill the stated purposes and meet legal requirements:

Secure Destruction

When personal information is no longer required for business or legal purposes, it is securely destroyed through approved methods including:

• Cross-cut shredding of physical documents
• Certified electronic data wiping or destruction of storage media
• De-identification or anonymization where data may be retained for statistical or research purposes in a form that does not identify individuals

10. Cookies and Tracking

Our website uses different types of cookies and similar tracking technologies:

Essential Cookies

These cookies are required for basic website functionality such as page navigation, secure access to certain areas, and maintaining your session. Essential cookies cannot be disabled through our cookie banner as they are necessary for the website to function. Examples include session identifiers and security tokens.

Analytics and Performance Cookies

With your consent, we use analytics cookies to:

• Understand how visitors interact with our website
• Identify popular content and navigation patterns
• Detect technical issues and improve website performance
• Measure the effectiveness of our marketing campaigns

We may use services such as Google Analytics for these purposes.

Marketing Cookies

These cookies require your explicit consent and allow us to:

• Deliver personalized content and advertisements
• Track the effectiveness of advertising campaigns
• Limit the number of times you see an advertisement
• Measure user engagement with marketing materials

Managing Cookie Preferences

You can manage your cookie preferences through your browser settings until our cookie banner is fixed. Please note that disabling certain cookies may limit website functionality and your user experience. Blocking essential cookies will prevent you from accessing certain areas or features of the website.

Third-Party Cookies

Some cookies may be set by third-party services that appear on our pages. We do not control these third-party cookies and recommend reviewing the privacy policies of these third parties for information about their data practices.

11. International Transfers

Vision Sécurité primarily operates within Quebec and Canada. However, some of our service providers may process personal information outside of Quebec or Canada, including in jurisdictions that may not provide the same level of data protection.

When personal information must be transferred outside Quebec or Canada, we implement appropriate safeguards including:

• Standard contractual clauses approved by privacy regulators
• Data processing agreements with strict security and confidentiality obligations
• Privacy impact assessments to evaluate risks associated with the transfer
• Ongoing oversight and audits of third-party processors

We remain fully responsible and accountable for personal information entrusted to service providers regardless of their geographic location. If you have concerns about international transfers of your information, please contact our Privacy Officer.

12. Privacy Incidents and Breach Notification

We maintain a confidentiality incident register and conduct thorough risk assessments following any privacy incident to determine the likelihood and severity of harm to affected individuals.

Breach Response

In the event of a privacy breach that poses a risk of serious harm to affected individuals such as identity theft, fraud, or damage to reputation or relationships, we will:

• Notify the Commission d'accès à l'information du Québec and, where applicable, the Office of the Privacy Commissioner of Canada as soon as feasible
• Notify affected individuals directly and without undue delay, providing information about the nature of the breach, the personal information involved, the potential consequences, and steps we are taking to mitigate harm
• Take immediate containment and remediation measures to prevent further unauthorized access or loss
• Conduct a post-incident review to identify root causes and implement corrective measures to prevent recurrence

Your Right to Notification

You have the right to be informed of any privacy breach that may cause you serious harm. We commit to transparent and timely communication in such circumstances.

13. Children's Privacy

Vision Sécurité does not knowingly collect personal information directly from children under fourteen (14) years of age without obtaining proper consent from a parent or legal guardian, unless specifically permitted by applicable law.

If we become aware that we have inadvertently collected personal information from a child under 14 without appropriate parental consent, we will take prompt steps to delete the information from our systems. If you believe we have collected information from a child improperly, please contact our Privacy Officer immediately.

14. Transparency and Impact Assessments

We conduct Privacy Impact Assessments (PIAs) where required by law for projects involving the acquisition, development, or redesign of information systems or electronic service delivery that may affect the processing of personal information.

These assessments help us identify and mitigate privacy risks before implementing new technologies or processes. Our PIAs evaluate:

• The sensitivity of personal information involved
• The purposes and legal bases for collection and use
• The quantity and distribution of data
• The storage medium and security measures
• The risks to individuals' privacy rights
• Mitigation strategies to reduce identified risks

15. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technologies, legal requirements, or organizational structure. When we make changes, we will update the "Last Updated" date at the top of this Policy.

Notice of Material Changes

For significant modifications that materially affect your rights or our practices, we will provide additional notice through:

• Prominent website announcements
• Direct email communication to clients and registered users
• Other appropriate means depending on the nature of the changes and our relationship with you

Your Responsibility

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal information. Continued use of our services after changes are posted constitutes acceptance of the updated Policy.

16. Contact and Complaints

For privacy-related inquiries, concerns, complaints, or to exercise your privacy rights, please contact:

Regulatory Authorities

If you are not satisfied with our response to your privacy concern or complaint, you have the right to file a complaint with regulatory authorities:

These regulators can investigate your complaint independently and have enforcement powers including the ability to issue orders and impose penalties for non-compliance.