CITIZENONE CORPORATE GROUP PERSONAL INFORMATION PROTECTION POLICY
This Privacy Policy is the exclusive property of the Company Group. No part of this document may be reproduced in any form or by any means without the prior written permission of the author. For any reproduction, follow the CC BY-ND 4.0 standard of Creative Commons, i.e.: without modification and in its entirety with attribution of our copyright and mention of our company name.
© 2025 CitizenOne
By browsing our websites or using our products, you acknowledge that you have read and understood this Policy and consent to the processing of your personal information in accordance with this Policy, where applicable.
CitizenOne Inc. and all its affiliates including 10084182 Canada Inc. O/A Becker-Carroll, Vivvo, Solutions Notarius Inc., 1CRM and OPIN Digital, hereinafter referred to as the "Group", are committed to protecting the personal information they collect, use and retain.
We understand the importance you place on protecting your privacy, and we are committed to maintaining the confidentiality of the Personal Information we collect about you in the course of our business in accordance with applicable laws. As such, the Group is a "data controller". This means that we collect Personal Information directly from you and that we determine the purpose and means of "processing" this Personal Information.
"Processing" is a broad term that means the collection, use, storage, transfer or other action related to your Personal Information; it is used in this Policy in this manner.
It is our responsibility to ensure that any Personal Information collected will be handled securely. Our Privacy Policy informs you of our practices in this area. It explains why we collect it, how we handle it and how we protect it. This Policy applies for as long as we hold your information, including after the end of our business relationship.
Please note that this Privacy Policy also applies to the Personal Information of our employees and other persons or organizations having a business relationship with the Group.
THIS PRIVACY POLICY SUPPLEMENTS THE TERMS OF USE OF OUR PRODUCTS AND THE CODE OF ETHICS AND CONDUCT OF THE GROUP, WHERE APPLICABLE.
Our CEO is our Chief Privacy Officer (hereinafter "CPO"), responsible for ensuring compliance and implementation of legal requirements and compliance with this Policy. If you have any questions about this Policy, you may contact him at the address indicated in section 10 of this document.
In Quebec, under the Act to modernize legislative provisions respecting the protection of personal information (LQ 2021, c25), personal information is defined as:
“Any information that relates to a natural person and allows that person to be identified.”
Personal information may, alone or in combination with other information, directly or indirectly allow you to be identified.
It is possible that some of the information that we classify as Personal Information for the purposes of this Policy may not be protected by applicable laws, in which case you may not have the same rights with respect to it.
Personal Information may include information collected about you using cookies or other technologies. Cookies are small pieces of information stored in a browser or device when you visit a website, which remember your preferences or information about you.
We are responsible for Personal Information in our possession or custody, as well as for Personal Information transferred to a third party for processing. Wherever possible, we will anonymize, pseudonymize and/or aggregate this data so that it no longer identifies an individual.
Our Chief Privacy Officer (CPO) is responsible for ensuring that we comply with this Policy and applicable privacy laws.
The Group limits the Personal Information it collects to that which it needs for the defined purposes and uses it only for those purposes. If we want to use your Personal Information for another purpose, we will describe the intended use and again ask for your express prior consent.
The Group will not use Personal Information for purposes other than those for which it was collected, except with the Data Subject's renewed consent, unless:
a) legal, medical or safety reasons prevent consent; or
b) the Group is authorized or required to do so under applicable law.
If a purchaser decides to proceed with the purchase of products on one of the Group's websites for a future Owner or Customer, the Personal Information collected by the purchaser must have been collected by lawful means and solely for the purposes identified prior to collection. The Holder or Customer must have given his or her prior consent. Such consent must be expressly given in the case of sensitive Personal Information.
In general, if you provide us with Personal Information about anyone other than yourself, such as your employees, third parties, advisors or suppliers, you must ensure that they understand how their Personal Information will be used, and that they have given you permission to disclose it to us and to allow us and our suppliers to use it.
Your information belongs to you. Subject to legal, commercial or contractual requirements, you have the right to withdraw your consent to the collection, use or disclosure of Information. We will process your request as soon as possible. However, certain information is essential for us to provide you with certain products and services. If you refuse to provide it, it may be difficult, if not impossible, to have a business relationship with you or even to offer you some of our products.
We may collect your Personal Information directly from you when you:
We may also collect Personal Information indirectly from:
The Group may use your Personal Information for the following purposes:
We will not disclose your Personal Information to anyone outside the Group without your consent, except as described below or as required or permitted by applicable law.
We may share your Personal Information with the following parties:
In all cases, the Group ensures that any third party receiving Personal Information provides a level of protection comparable to that required by applicable laws and consistent with this Policy.
The Group ensures that the purposes for which Personal Information is collected are clear at the time of collection.
We will obtain your consent before collecting, using, or disclosing your Personal Information, except where otherwise permitted or required by law. Consent may be express (verbal, written, electronic) or implied (when the purpose is obvious, and you voluntarily provide the information).
The form of consent we seek will depend on the sensitivity of the Personal Information, the reasonable expectations of the individual, and the circumstances. For sensitive Personal Information, such as financial or health-related information, we will obtain express consent.
You may withdraw your consent at any time, subject to legal or contractual restrictions and reasonable notice. To withdraw your consent, please contact our Chief Privacy Officer as described in Section 10 of this Policy. We will inform you of the implications of withdrawing consent.
If you refuse or withdraw your consent, the Group may be unable to provide you with certain products, services, or employment opportunities.
The Group will retain Personal Information only as long as necessary for the fulfillment of the purposes for which it was collected, to meet legal and regulatory requirements, or to protect its legitimate business interests.
Once the purpose for which the Personal Information was collected has been fulfilled, and after the expiration of applicable retention periods, the Group will securely destroy, delete, or anonymize the Personal Information, in a manner that ensures it cannot be reconstructed or read.
When determining retention periods, the Group considers:
Employees handling Personal Information are required to comply with the Group’s retention schedules and destruction protocols to ensure proper lifecycle management of data.
The Group takes reasonable steps to ensure that the Personal Information it collects, uses, or discloses is as accurate, complete, and up to date as necessary for the purposes for which it is to be used.
We rely on individuals to provide accurate and complete information and to notify us of any changes to their Personal Information. For example, it is your responsibility to inform us promptly of a change in your mailing address, telephone number, or e-mail address so that we can continue to communicate with you effectively.
If you believe that any Personal Information we hold about you is inaccurate, incomplete, or out of date, you have the right to request a correction. We will evaluate your request and, if appropriate, amend our records. Where a correction is not possible, we will annotate our records to indicate the requested correction.
The Group may collect payment card information from its customers in the context of purchases of its products and services.
Payment information is considered highly sensitive Personal Information. For this reason, the Group follows strict security and confidentiality standards when handling such data, in compliance with the Payment Card Industry Data Security Standard (PCI DSS) and applicable laws.
We do not store full credit or debit card numbers on our systems. Only the last four (4) digits of the card number and the card expiration date may be retained, and only for as long as necessary to complete the transaction or as required by law.
All payment transactions are processed through secure third-party payment service providers. These providers are contractually obligated to protect your Personal Information and to use it solely for the purpose of processing payments on behalf of the Group.
If you provide payment information, you consent to its use and disclosure for the purposes of processing your transactions, preventing fraud, and complying with legal and regulatory obligations.
The Group applies rigorous security standards and uses reasonable physical, organizational, and technological measures to protect Personal Information against loss, theft, unauthorized access, disclosure, copying, use, or modification.
Security measures include, but are not limited to:
Despite these measures, no system or method of transmission over the Internet or method of electronic storage is completely secure. Therefore, while we strive to use commercially acceptable means to protect Personal Information, we cannot guarantee its absolute security.
Employees who have access to Personal Information are required to protect it and to comply with this Policy and related security practices. Failure to do so may result in disciplinary measures, up to and including termination of employment.
You have the right to request access to the Personal Information we hold about you, subject to the exceptions provided by applicable laws.
Upon written request and satisfactory identification, the Group will inform you of the existence, use, and disclosure of your Personal Information and provide you with access to that information within a reasonable timeframe, generally within 30 days.
In some cases, access may be restricted or denied, for example if:
If we refuse your request, we will explain the reasons for the refusal and inform you of any recourse available to you.
You may also request that we correct or update your Personal Information if it is inaccurate or incomplete.
To make an access or correction request, please contact our Chief Privacy Officer as described in Section 10.
The Group has appointed a Chief Privacy Officer (CPO) who is responsible for ensuring compliance with this Policy and with applicable privacy laws.
If you have any questions, concerns, or complaints regarding the collection, use, or disclosure of your Personal Information, or about this Policy, you may contact our Chief Privacy Officer at:
Chief Privacy Officer
CitizenOne Group
[Insert mailing address]
[Insert email address]
[Insert telephone number]
We will respond to your inquiries as quickly as possible and within the timelines prescribed by law.
If you are not satisfied with our response, you may have the right to file a complaint with the relevant privacy commissioner or regulatory authority in your jurisdiction.
The processing of Personal Information is governed by laws applicable in various jurisdictions. This Policy and all related transactions shall be governed by the laws and construed in accordance with Quebec of including:
The Group reserves the right to modify this Policy at any time Privacy. All changes will be posted on the websites Group's and will take effect immediately upon posting. We will take reasonable steps, if necessary, to inform affected individuals of any material changes. Check this periodically for Policy changes. You will be deemed to have accepted changes to this Policy if you continue to provide us with Personal Information after changes are posted.
This Policy is reviewed and updated regularly to ensure that it complies with changes regulatory and best practices. A minimum annual review is in place.
The Privacy Policy is approved by the Group COO, on behalf of the Privacy Officer, including any changes to be made.
The COO oversees its application day-to-day.