CyberPerformance Privacy Policy

We are committed to respecting the privacy of our users and ensuring the protection of their personal information in accordance with Bill 25. This policy provides comprehensive details about the types of information we collect, how we use it, the security measures in place, and your rights in this regard. It applies to all digital and contractual interactions between CyberPerformance and its clients, prospects, partners, and website visitors.

1. Personal Data Collection We collect only the personal information necessary for providing our services, managing client relationships, securing our operations, and ensuring legal compliance. The information collected may include:

  • First and last name
  • Email address
  • Mailing address
  • Telephone number
  • Contractual information
  • Banking or payment information (via Zoho Invoice)
  • Voice recording data from telephone calls
  • IP addresses and browsing data when you visit our website

2. Data Usage Personal information is used for the following purposes:

  • Responding to user inquiries and communications
  • Processing payments and issuing refunds via Zoho Invoice (banking data is not hosted on our servers)
  • Managing electronic signatures of legal documents via Zoho Sign
  • Managing customer relationships via Zoho CRM
  • Managing appointments and scheduling via Zoho Bookings
  • Sending newsletters and commercial communications with prior consent
  • Improving user experience and website usability
  • Preventing fraud, abuse, and disputes by using call recordings as evidence of good faith or verbal agreements

2.1 Sharing Information with Business Partners

As part of its operations, CyberPerformance may share certain personal information (first and last name, email address, phone number) with carefully selected business partners for the following purposes:

  • Referring prospects to partners whose services align with the needs they have expressed
  • Collaborating with trusted third parties as part of joint or complementary service offerings
  • Facilitating a commercial follow-up by an accredited partner when CyberPerformance determines that such a referral would serve the best interests of the individual

This sharing is grounded in CyberPerformance’s legitimate interest in providing quality referral services, following an internal assessment confirming that the transfer does not unreasonably infringe upon the rights and freedoms of the individuals concerned. It is governed by the following conditions:

  • Prior assessment: before any information is shared, CyberPerformance evaluates the relevance and proportionality of the transfer in light of the prospect’s expressed needs and the nature of the partner’s services
  • Qualified partners: only partners who have signed a confidentiality agreement and committed to upholding data protection standards equivalent to those of CyberPerformance are authorized to receive such information
  • Limited purpose: partners may only use the information for the specific purpose for which it was shared and are strictly prohibited from reselling or redistributing it to any third party
  • Right to object: any individual may object to the sharing of their personal information with business partners by contacting our Privacy Officer at [email protected]. CyberPerformance commits to addressing all objection requests within 30 business days.

CyberPerformance remains accountable for ensuring that all partners receiving personal information comply with their obligations under applicable privacy legislation.

3. Legal Basis for Processing Our processing is based on:

  • Free, informed, and specific consent of the individual concerned
  • Performance of a contract between the user and CyberPerformance
  • Compliance with our legal obligations (e.g., retention of tax documents)
  • Pursuit of legitimate interests, particularly in matters of security, fraud prevention, and continuous service improvement, without infringing on the fundamental rights of individuals

4. User Rights In accordance with Bill 25, any person whose personal information is collected may:

  • Access their personal data
  • Request its correction
  • Request its deletion, when permitted
  • Object to its use for prospecting purposes
  • Withdraw consent at any time when processing is based on consent
  • Exercise their right to data portability: in this case, we will create a secure and restricted Google Drive folder containing the requested information in a structured, commonly used, and machine-readable format

5. Data Transfer Outside Quebec We use third-party platforms whose servers are located outside Quebec, particularly in the United States, including:

  • Zoho Sign (electronic signature)
  • Zoho Invoice (billing and payment processing)
  • Zoho CRM (customer management)
  • Zoho Bookings (appointments)
  • Google Workspace (professional emails, internal documents)

Before using these services, a privacy impact assessment was conducted, confirming that adequate security measures are in place, including encryption, access controls, and compliance with international certifications (ISO 27001, SOC 2). Contractual clauses and data protection mechanisms govern all these transfers.

6. Data Retention Unless otherwise specified or required by law, personal information is retained for a maximum of three (3) years following its collection or the end of the contractual relationship. Regarding recorded calls, the retention period is extended to ten (10) years to preserve evidence in case of dispute or contractual recourse. This duration is based on the principle of proportionality and the legitimate purposes of mutual protection between parties.

7. Telephone Call Recording CyberPerformance may record all incoming and outgoing calls for quality, training, and contractual validation purposes. This practice is disclosed through our privacy policy and applies to anyone communicating with us. These recordings are:

  • Encrypted and secured via a restricted-access system
  • Retained for a maximum of ten (10) years
  • Used only to assert a verbal agreement, demonstrate absence or involvement of liability, or serve as evidence in case of dispute
  • Accessible only to authorized persons and, in certain cases, judicial authorities

An opt-out mechanism is available: any person may request deletion of their recording if it does not interfere with the legitimate purpose of retention, by writing to [email protected] or to our head office, whose address is listed in the Quebec Business Register. In cases of judicial requests, a rigorous protocol will be followed, including authentication of the requester and, if necessary, an in-person meeting. Reasonable fees may be charged.

8. Cookies Our site uses cookies to improve user experience and measure the effectiveness of our campaigns. On your first visit, a consent banner allows you to:

  • Accept essential cookies, enabled by default
  • Accept or refuse analytical and advertising cookies (Google Analytics, Facebook Pixel, etc.)
  • Manage your preferences at any time via a link at the bottom of the page

No cookies are activated without your explicit consent, except those strictly necessary for the technical operation of the site.

9. Data Security CyberPerformance implements strict security measures, both technical and administrative:

  • SSL/TLS encryption for all communications
  • Restricted access to sensitive data via two-factor authentication
  • Regular automatic backups
  • System connection logging
  • Regular staff training on privacy and secure information management

10. Personal Information Protection Officer (PIPO) Antoine Côté, President of CyberPerformance, is designated as PIPO. He oversees:

  • Implementation of Bill 25 within the company
  • Responses to access, correction, or deletion requests
  • Management of privacy incidents
  • Risk assessment related to third-party tools

He can be contacted:

  • Via the form on the “Contact Us” page
  • By email at [email protected]
  • By phone at (418) 431-7824 ext. 101

11. Complaint Procedure Any person wishing to submit a complaint or request regarding their personal information may do so in writing to the designated officer. We are committed to processing all requests within a maximum of 30 business days. In case of dissatisfaction, a complaint may be filed with the Commission d’accès à l’information du Québec (CAI).

12. Notification of Privacy Breach In the event of a personal information breach likely to present a high risk to rights and freedoms, CyberPerformance will notify the incident to the CAI within 72 hours, unless the risk is deemed negligible. If the risk is high, affected individuals will also be informed by appropriate means, including measures taken to mitigate the consequences.

13. Policy Updates This privacy policy may be modified at any time to reflect legislative, technological, or organizational changes. In case of substantial modifications, a notice will be published on our site. We invite you to consult this page regularly.

14. General Information CyberPerformance is registered with the Quebec Business Register under NEQ: 1171593842. Our head office is located at 2828 Ste-Anne, Lévis, G6J 1H8, Canada. All content on our site, including texts, photographs, logos, and visual elements, is protected by copyright laws.

15. Intellectual Property and Site Usage This website and its content are the exclusive property of CyberPerformance. You agree not to reproduce, distribute, modify, or transmit any part of this site without our prior written authorization. Any fraudulent or abusive use will result in immediate exclusion and may lead to legal action.