GIRO Inc./Le Groupe en Informatique et Recherche Opérationnelle (hereinafter “GIRO”, “our”, “we” or “us”) is committed to respecting your privacy. This Privacy Policy (hereinafter the “Policy”) outlines GIRO’s commitment to data privacy and the protection of personal information. It is meant to help you better understand GIRO’s practices regarding the collection, use, disclosure, and retention of your personal information. 

GIRO is committed to protecting your personal information in accordance with applicable legal and regulatory requirements. GIRO is also committed to ensuring the security of this information, regardless of the medium used. 

The protection of our employees’ personal information is governed by a set of separate guidelines available on the company’s internal portal. 

WHAT IS PERSONAL INFORMATION? 

By “personal information”, we mean any information that, taken alone or combined with other information, pertains to a natural person and allows them to be identified, directly or indirectly. In general, personal information does not include your professional contact details such as your name, title, business address, or work phone number. 

WHAT PERSONAL INFORMATION DO WE COLLECT? 

When you visit our website or use our customer portal, apply for a job with us, register for a HASTUS user group, or communicate with us, we collect certain personal information about you.  

In the course of our interactions with you and the delivery of our services, we may collect and process various types of personal information, including: 

  • Identity information, such as a first or last name; 
  • Contact details, such as a name, address, email address and phone number; 
  • Information related to marketing and communication preferences; 
  • Information related to your participation in a HASTUS user group, such as dietary preferences, feedback, and survey responses; 
  • Information relating to your job application, such as a resume, educational and employment history, details of professional affiliations, and other information relevant to your potential recruitment or association with GIRO; 
  • Information about your use of our website, such as details of your visits to our website, interaction with our online content, or information collected through cookies and other tracking technologies; 
  • Any other personal information provided. 

WHY DO WE USE YOUR PERSONAL INFORMATION? 

GIRO collects, uses, and discloses your personal information for purposes determined at the time of collection or as permitted or required by law. This includes the following purposes: 

  • Establishing and managing relationships with our customers; 
  • Registering you for a HASTUS user group and obtaining your feedback on the event; 
  • Recruiting staff, processing applications, and evaluating the candidate’s profile in relation to job requirements; 
  • Facilitating the use of our website, ensuring its relevance and effective presentation for you and your device, and monitoring how it is used; 
  • Responding to your questions and requests submitted through our website; 
  • Conducting business development and marketing, such as informing current and prospective customers about our products, services, and events; 
  • Meeting our legal and regulatory obligations; 
  • Any other purpose to which you have consented. 

We will use this personal information solely for the primary and legitimate purpose for which it was collected, or for purposes compatible with that primary purpose. 

WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION? 

To provide our services to our customers, respond to your requests, register you for a HASTUS user group, or evaluate your application for a position with us, we may provide your personal information to our service providers and partners. We may also disclose it to meet a legal obligation or to assert our rights. 

Third parties to whom GIRO may disclose your information include: 

  • Third-party service providers and/or partners who provide us with services, such as services related to our website, criminal background check services, and services related to holding HASTUS user groups. In this case, the personal information provided is limited to only what these providers need to provide their services, and they are obliged to keep this information confidential. 
  • Public government authorities and law enforcement agencies when required by applicable law or when needed to provide our services. 

GIRO will never sell your personal information. 

WHERE DO WE STORE YOUR PERSONAL INFORMATION? 

Your personal information is hosted in Canada. 

When we share your personal information with third-party service providers and/or partners (see the section “With whom do we share your personal information?”), it may be processed in other countries. In this case, GIRO ensures the confidentiality of your personal information by requiring appropriate contractual guarantees from our providers and partners and by verifying that they have adequate security measures in place. 

HOW LONG DO WE RETAIN YOUR PERSONAL INFORMATION? 

Personal information is kept only as long as necessary for the purposes set out in this Policy and to ensure compliance with our legal and regulatory obligations.  

If you would like to learn more about how long we retain your personal information, please contact our Privacy Officer at the contact details provided in the “How to contact us?” section. 

HOW DO WE PROTECT YOUR PERSONAL INFORMATION? 

GIRO implements appropriate administrative, technical, and physical measures to protect your personal information against accidental or unlawful destruction, accidental loss, alteration, unauthorized disclosure or access, misuse, or any other illegal form of processing, including:  

  • Administrative measures such as educating GIRO employees on best practices for computer security and data privacy, running criminal background checks, and signing confidentiality agreements with every partner and provider. 
  • Technical measures such as managing access based on the need-to-know, two-factor authentication, encrypting laptops, automatic screen locking, and masking personal information. 
  • Physical measures such as restricting access to GIRO’s premises and video surveillance of these entrances.  

These measures are part of GIRO’s internal security control framework. This framework is based on the ISO/IEC 27001 (2022) standard and is reviewed annually to take into account the evolving risk level. 

Please note, however, that no method of Internet transmission or electronic storage is 100% secure. We therefore cannot guarantee the absolute and complete security of the information you transmit to us. If you have reason to believe that your personal information has been compromised, please contact us at the contact details provided in the “How to contact us?” section. 

WHAT RIGHTS DO YOU HAVE REGARDING YOUR PERSONAL INFORMATION? 

Under certain circumstances and in accordance with applicable data protection laws, you have the following rights concerning your personal information: 

  • Right to access: You can obtain information about how GIRO processes your personal information and a copy of this information; 
  • Right to rectify: If you believe that your personal information is inaccurate or incomplete, you can ask us to correct it; 
  • Right to withdraw consent: Under certain circumstances, you can withdraw your consent to the disclosure or use of your personal information collected by GIRO. 
  • Right to data portability: you can ask us to provide you (or the organization of your choice) with your computerized personal information that you have provided directly to us. Absent serious practical difficulties to do so, your computerized personal information shall be provided in a structured, commonly used technological format.

In addition, under the European General Data Protection Regulation (hereinafter the “GDPR”), you have the following additional rights if you are a resident of a European Union country: 

  • Right to erasure: You can ask us to delete your personal information within the limits permitted by the regulation, such as when the personal information is no longer required for the purposes for which it was collected or to comply with a legal obligation, or when it is no longer required for the establishment, exercise, or defense of legal claims;  
  • Right to restriction of processing: You can ask us to suspend the processing of some of your personal information in circumstances permitted by the regulation, such as to verify its accuracy or the reason for processing it;  
  • Right to data portability: If you have given your consent for GIRO to use your personal information, you can ask us to transfer your information to you or directly to a third party in a structured, commonly used, and machine-readable format, if technically possible to do so; 
  • Right to object: You can object, on grounds relating to your particular situation, to GIRO processing your personal information for a legitimate interest (or that of a third party) or for certain direct marketing purposes; 
  • Rights relating to automated decisions: You have the right to be informed of a decision concerning you based exclusively on the automated processing of your personal information by GIRO. You also have the right to contest any automated decision that has a significant legal or similar impact, and to request that it be reconsidered. 

To exercise any of these rights, please contact us as indicated in the “How to contact us?” section. 

You can also lodge a complaint with a data protection authority, especially in the country, province, or state where you normally reside or where we are located. 

HOW DO WE USE COOKIES AND SIMILAR TECHNOLOGIES? 

For detailed information about the cookies we use on our website, please consult our Cookie Guidelines, which is part of this Policy. 

HOW TO CONTACT US? 

For questions about our Privacy Policy and practices, to exercise your rights, or to file a complaint, please contact our Privacy Officer by email at dpo@giro.ca

HOW DO WE UPDATE THIS POLICY? 

We reserve the right to modify the content of this Policy without notice to keep it up to date with applicable legislation and our operations. We, therefore, encourage you to consult this Policy each time you visit our website or provide us with your personal information to stay informed about how we process your personal information.