Privacy and Cookie Policy: your personal data | Amélio
Amélio

Privacy and Cookie Policy

Last updated: January 20, 2026

1. Introduction

In this policy (hereinafter the "Policy"), "we", "our" and "us" refer to Amélio inc. (hereinafter "Amélio").

We are committed to collecting, using, disclosing, retaining and destroying the Personal Information of the users of our services, regardless of the nature of its medium and regardless of the form in which it is accessible, in accordance with the Policy.

This Policy applies in two contexts:

  1. As a controller, when we determine the purposes and means of processing the Personal Information of visitors to our website and general users of our services. This includes cases where Amélio directly collects, stores or uses Personal Information to improve our website, our services or our marketing communications.
  2. As a processor on behalf of our clients, in connection with services such as employee engagement, analytics, and recognition. Here, Amélio processes Personal Information exclusively on the instructions of its clients and in accordance with contractual obligations, where the client determines the purposes of processing and Amélio applies specific procedures to manage and secure this data.

We use cookies on our website. By using our website or our service, you consent to the use of cookies. Our website incorporates privacy controls that affect how we will process your Personal Information. Using the privacy controls, you can specify whether you wish to receive direct marketing communications and limit the publication of your information. You can access the privacy controls through each marketing email we send. No marketing communication is sent to the employees of client organizations, unless they have voluntarily subscribed to our marketing communications through our website.

This policy also aims to disclose the roles and responsibilities of Amélio's staff members from the collection through to the destruction of your Personal Information.

If you have any questions regarding your Personal Information and, after reading the Policy, those questions remain, you may contact Amélio's officer in charge of the protection of Personal Information at the following email address: [email protected].

2. Definitions

In this Policy, the following terms mean:

  1. "Personal Information" means any information that relates to a natural person and allows that person to be identified, directly or indirectly;
  2. "Officer" means the officer in charge of the protection of Personal Information appointed from time to time by Amélio to ensure compliance with and the implementation of the Act, which Officer may be reached at the contact details contained in this Policy;
  3. "Act" means the Act respecting the protection of personal information in the private sector, chapter P-39.1, including any subsequent amendment or modification made to this act, as well as any other applicable law relating to the protection of personal information originating from a competent jurisdiction in which Amélio collects Personal Information.

3. Consent and collection of Personal Information

By accepting Amélio's services, you grant us your consent with respect to your Personal Information in accordance with this Policy.

By using our website or our service, you consent to the collection of your Personal Information and to the use of cookies.

Where required, Amélio relies on various legal bases for the processing of personal information, including in particular consent, the performance of a contract, compliance with legal obligations or legitimate interests, in accordance with applicable laws.

4. Purposes for which Personal Information is collected

In this section, we have set out:

  1. the general categories of Personal Information that we may process;
  2. in the case of Personal Information that we did not obtain directly from you, the source and the specific categories of that data;
  3. the purposes for which we may process Personal Information;
  4. the legal bases for the processing.

We may process data concerning your use of our website and our services (hereinafter "Usage Data"). The usage data may include your IP address, geographic location, browser type and version, operating system, referral source, length of visit, pages viewed and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is Google Analytics. This usage data may be processed for the purposes of analyzing the use of the site and services. The legal basis for this processing is our legitimate interest, namely the monitoring and improvement of our website and our services.

We may process the data of your website user account (hereinafter "Account Data"). The account data may include your name, occupation, age, email address and certain other demographic attributes. The source of the account data is: you or your employer. The account data may be processed for the purpose of operating our website, providing our services, ensuring the security of our website and our services, maintaining backups of our databases and communicating with you. The legal basis for these operations is: our legitimate interests, namely the proper administration of our website and our business, OR the performance of a contract between you, or your employer, and us. We may take steps, at your request, to enter into such a contract.

We may process your information included in your personal profile on our website (hereinafter "Profile Data"). The profile data may include your name, telephone number, email address, profile photos, gender, date of birth and employment details. The profile data may be processed for the purpose of enabling and monitoring your use of our website and our services. The legal basis for this processing is: our legitimate interests, namely the proper administration of our website and our business, OR the performance of a contract between you, or your employer, and us.

We may process your personal data that is provided in connection with the use of our services (hereinafter "Service Data"). The service data may include details about employees' employment. The source of the service data is: you or your employer. The service data may be processed for the purpose of providing our services, ensuring the security of our website and our services, maintaining backups of our databases and communicating with you. For data processed on behalf of our clients, processing is carried out according to the specific instructions of each client. The legal basis for this processing is the performance of a contract between you, or your employer, and us.

We may process information relating to our client relationships, including client contact information (hereinafter "Client Relationship Data"). The client relationship data may include your name, your employer, your title or position, your contact details and the information contained in the communications between us and you or your employer. The source of the client relationship data is: you or your employer. The client relationship data may be processed for the purpose of managing our client relationships, communicating with clients, keeping records of these communications and promoting our products and services to clients. The legal basis for this processing is our legitimate interest, namely the proper management of our client relationships.

We may process information relating to transactions, including purchases of goods and/or services, that you enter into with us and/or through our website (hereinafter "Transaction Data"). The transaction data may include your contact details, your card details and the transaction details. The source of the transaction data is: you and/or our payment service provider.

We may process the information that you provide to us for the purpose of subscribing to our email notifications and/or newsletters (hereinafter "Notification Data"). The notification data may be processed for the purpose of sending you the corresponding notifications and/or newsletters. The legal basis for this processing is consent.

Please do not provide us with the Personal Information of another person, unless we invite you to do so and only on the condition that you have obtained that other person's consent to the disclosure of their Personal Information.

5. Disclosure of Personal Information

We want you to understand with whom we share the Personal Information that we collect about you or when you use Amélio's services. Accordingly, Amélio shares your Personal Information with the following persons:

  1. Infrastructure, security and integration providers – Amélio may disclose personal information to service providers and processors that assist it, in particular with data hosting, systems security, the operation of the services and optional integration with third-party systems.

    These providers may include, but are not limited to, cloud infrastructure providers (for example, Microsoft Azure and Amazon Web Services), application and network security and protection service providers (for example, Cloudflare), as well as third-party system integration providers when the client organization chooses to enable these features (for example, GetKnit, for integration with human resources information systems).

    When Amélio discloses personal information to such processors, appropriate contractual, technical and organizational measures are put in place to ensure the confidentiality, security and compliance of the processing of personal information, in accordance with applicable laws.

  2. Authorized service providers – We may disclose your contract data to our insurers and/or professional advisers to the extent reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or establishing, exercising or defending legal claims, whether before the courts in judicial proceedings or in the context of administrative or out-of-court proceedings.

    Financial transactions relating to our website and our services may be processed by our payment service provider Stripe. We will share transaction data with our payment service providers only to the extent necessary for the purposes of processing your payments, refunding such payments and handling complaints and queries relating to these payments and refunds. You can find information about the privacy policies and practices of the payment service providers at https://stripe.com/fr-ca/privacy.

  3. Business partners – Amélio may share your Personal Information with its business partners in order to offer you services through our website or our services. In such cases, measures will be put in place to ensure the confidentiality of your Personal Information.
  4. Business transaction – In the context of a significant transaction by Amélio, such as the sale of the company, a merger, a sale of assets, or in the unlikely event of bankruptcy. Any third party to whom Amélio discloses your Personal Information undertakes to use that Personal Information in accordance with this Policy, unless you indicate otherwise.

In addition to the specific disclosures of Personal Information set out in this section, we may disclose your Personal Information where such disclosure is necessary to comply with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your Personal Information where such disclosure is necessary for the establishment, exercise or defence of legal claims, whether in the context of judicial proceedings or administrative or out-of-court proceedings.

In other cases, Amélio must obtain your consent in order to disclose or transmit your Personal Information to a third party that is not covered by this Policy, except where we are justified in doing so under an exception provided for in the Act.

Amélio undertakes to inform the client concerned as soon as such a request is received, unless a legal prohibition prevents us from doing so. We apply a strict process for analyzing these requests in order to ensure their legitimacy and their compliance with applicable regulations and our contractual commitments. If a request is deemed abusive or non-compliant with legal requirements, we reserve the right to contest it.

When a disclosure of personal information is required to a jurisdiction outside that of the client organization, Amélio carries out a risk assessment in order to ensure that the data benefits from an adequate level of protection. This analysis makes it possible to adapt the protection measures and ensure compliance with applicable legal requirements.

6. Processing of personal information for users of the Amélio platform (app.amelio.co)

This section is intended for the users of client organizations who access the Amélio platform through the secure interface (app.amelio.co). As a workplace engagement, recognition and survey platform, Amélio processes personal information in connection with the provision of its services. This processing is carried out in accordance with Law 25 (Quebec), the General Data Protection Regulation (GDPR), and the Personal Information Protection and Electronic Documents Act (PIPEDA).

Interactive modules (Recognition and Colab)

The Recognition and Colab modules allow users to share content that may include personal information. You can choose to make your messages public to your team or to your entire organization, or to keep them private. Participants' names and titles may be visible depending on the settings chosen. You can also post anonymously in Colab. These settings are customizable in your profile or by the administrator of your organization.

Event announcements

Automated announcements may be sent to your manager and/or your colleagues to mark your birthday or your years of service in the organization. You can configure your preference for these announcements in your user profile.

Sending surveys by text message

If you have provided your mobile phone number in your user profile, it may be used to send you a link to a survey by text message (SMS). This service is provided by our messaging provider Twilio Sendgrid, located outside Quebec. Twilio complies with international information security standards (GDPR, SOC2, ISO 27001 certifications) and is subject to a privacy impact assessment.

Use of artificial intelligence features

Amélio offers certain features based on artificial intelligence technologies in order to help its clients analyze information on an aggregated basis and support human decision-making.

In connection with these features:

  • the artificial intelligence systems are hosted and operated within Amélio's secure environment on cloud infrastructures located in Canada;
  • personal information is processed in accordance with the instructions of the client organization, which acts as the controller;
  • the results produced by the AI are provided as decision-making support and do not replace human judgment;
  • no automated decision producing legal or similar effects on a person is made.

The data provided in connection with these features is not used to train or improve the artificial intelligence models operated by Amélio, unless otherwise indicated and explicitly documented and governed in accordance with applicable legal obligations.

Additional information about these features is available in the dedicated documentation, including the AI fact sheets and the applicable impact assessments.

User profile and confidentiality of attributes

Your user profile contains attributes such as name, role, team, or other information provided by your organization. The administrator may choose to hide certain attributes in the recognition and suggestion modules. If an attribute is hidden, it will not be visible in your profile to other employees.

Retention period and users' rights

Your personal information is retained for as long as your organization maintains an active account with Amélio. You may request at any time:

  • access to your data,
  • its correction,
  • or its deletion.

These requests may be made:

  • directly in your user profile (if the option is available),
  • by contacting the administrator of your organization,
  • or by writing to us at: [email protected].

When Amélio acts as a processor, requests relating to the rights of the persons concerned are handled in accordance with the instructions of the client organization, which remains the controller.

7. International transfers of Personal Information

Your Personal Information may be disclosed outside Quebec. Where applicable, Amélio undertakes to carry out a privacy impact assessment and to make the disclosure only if the assessment demonstrates that the Personal Information disclosed benefits from adequate protection. In that case, the disclosure of the Personal Information is the subject of a written agreement that takes into account the results of the said assessment and any terms agreed upon in order to mitigate the risks identified in the course of that assessment.

Your Personal Information contained in the database of our website will be stored on the servers of our hosting service providers. The hosting facilities of our website are located in Canada or the United States. Transfers to each of these countries will be protected by appropriate safeguards. However, in accordance with our security policy, all Personal Information processed on behalf of our clients is hosted in secure environments located in Canada, primarily in Quebec, with encrypted backup copies kept in other Canadian regions in order to ensure the availability and resilience of the services.

You acknowledge that the Personal Information that you submit for publication (such as blog comments) through our website may be available, via the Internet, worldwide. We cannot prevent the use (or misuse) of such Personal Information by others.

In connection with certain communications by email or SMS, limited information (email addresses and/or telephone numbers) may be transferred to Twilio Sendgrid, our messaging provider located in the United States, or to any other provider doing business with Amélio from time to time. This transfer is strictly limited to the information necessary to facilitate these communications, and appropriate protective measures, including technical safeguards, are put in place to ensure the security and confidentiality of the data during its processing.

Amélio's client organization is responsible for informing its employees or end users that their information (email address and/or telephone number) may be transmitted to Twilio Sendgrid, or to any other provider doing business with Amélio from time to time, in connection with communications. Since the preferred method of communication is left to the discretion of the client organization, the latter assumes responsibility for informing its employees or end users, in accordance with regulatory requirements and the principles of transparency.

8. Retention and deletion of Personal Information

In this section, we set out our data retention policies and procedures, which are designed to ensure that we comply with our legal obligations regarding the retention and deletion of Personal Information.

The Personal Information that we process for any purpose will not be retained for longer than necessary. When the purposes for which your Personal Information was collected are fulfilled, it will be destroyed or anonymized by Amélio, subject to any retention period provided for by the Act.

We will retain your Personal Information as follows:

If you hold an account with Amélio, we do not delete the data in your account – you are responsible for and control the periods during which you retain that data. An email may be sent to [email protected] to delete data at the account level (all data in your account) and at the user level. If you respond to a survey, you will need to ask your employer how long your responses will be retained in Amélio's services.

We may retain some of the information recorded in your account for analytical and accounting purposes, as well as for the purposes of the integrity of record-keeping and fraud prevention, the collection of fees due, the enforcement of the terms of use, the taking of any measure that Amélio deems necessary to protect the integrity of the website or its users, or any other measure permitted by the Act.

Notwithstanding the other provisions of this section, we may retain your Personal Information where such retention is necessary to comply with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

If some of your information has been provided, with your consent, to third parties, the use and retention of your information will be subject to the policy of those third parties and the Company cannot in any way be held responsible.

9. Security of Personal Information

We will take appropriate technical and organizational precautions to secure your Personal Information and prevent the access, disclosure, loss, misuse or alteration of it.

We will store all of your Personal Information on secure servers and in secure manual record-keeping systems.

The following Personal Information will be in encrypted form in the database: password(s). We will not store cardholder data. All Personal Information is stored on servers using encryption at rest.

The data relating to your requests and financial transactions that is sent from your web browser to our web server, or from our web server to your browser, will be protected using encryption technology.

Although Amélio takes the security measures required by the Act, no security device is infallible. You therefore understand and accept:

  1. that there are limits to the security and management of the Personal Information that Amélio collects that are beyond its control;
  2. that the security, integrity and management of all Personal Information and data exchanged between you and Amélio through the website cannot be guaranteed;
  3. that the said Personal Information may be viewed or altered by a third party during transfer;
  4. that the transmission of unencrypted (or poorly encrypted) data over the Internet is inherently insecure, and we cannot guarantee the security of data sent over the Internet; and
  5. that you must ensure that your password is not likely to be guessed, whether by a person or a computer program, and that you are responsible for the confidentiality of the password that you use to access our website, and we will not ask you for your password (except when you log in to our website).

10. Handling of requests for access to and disclosure of personal information

Amélio applies a strict procedure to handle any request for access to or disclosure of personal information, whether it comes from:

  • A governmental or regulatory authority (e.g.: supervisory authority, law enforcement).
  • An employee of a client organization wishing to access their own information.
  • A client organization requesting information about its employees.
  • A legally authorized third party (e.g.: legal representative, court).

Our handling process includes the following steps:

  1. Receipt and recording: Every official request is recorded and analyzed by our Personal Information Protection Officer (PIPO).
  2. Legal validation and compliance: We verify that the request is legitimate and compliant with applicable regulations and contractual obligations.
  3. Notification of the parties concerned:
    • In the case of an employee request, we inform the client organization if required by law.
    • For governmental requests, we notify the client organization unless legally prohibited.
  4. Secure transmission of the information: We apply the principle of data minimization, providing only the information strictly required.
  5. Traceability and documentation: Each request handled is the subject of an internal record to ensure transparency and auditability.

Clients with questions about this process may contact our Personal Information Protection Officer at the following address: [email protected].

11. Your rights

In this section, we have summarized the rights that you have under the Act. Some rights are complex and not all details have been included in our summaries. Consequently, you should read the relevant laws and the guidance of the regulatory authorities for a full explanation of these rights.

Your main rights under the Act are:

  1. the right of access – you may request copies of your Personal Information;
  2. the right to rectification – you may ask us to rectify inaccurate Personal Information and to complete incomplete Personal Information;
  3. the right to erasure – you may ask us to erase your Personal Information;
  4. the right to restrict processing – you may request that the processing of your Personal Information be restricted;
  5. the right to object to processing – you may object to the processing of your Personal Information;
  6. the right to lodge a complaint with a supervisory authority – you may complain about our processing of your Personal Information; and
  7. the right to withdraw your consent – to the extent that the legal basis for our processing of your Personal Information is consent, you may withdraw that consent.

You have the right to confirm whether or not we process your Personal Information and, where applicable, to access the Personal Information, as well as certain additional information. When you hold an account with an Amélio service, you are entitled to a copy of all the Personal Information that we hold about you. You also have the right to request that we restrict the way we use your data or that we object to certain aspects of our processing of your data. You can access much of your data in your own account when you log in. However, if you wish to obtain a full copy of all your data or request a restriction/limitation in the way we use your data, please contact us at [email protected].

You have the right to have any inaccurate Personal Information about you rectified and, taking into account the purposes of the processing, to have any incomplete Personal Information about you completed.

In certain circumstances, you have the right to erase your Personal Information without undue delay. These circumstances include: the Personal Information is no longer necessary in relation to the purposes for which it was collected or otherwise processed; you withdraw your consent to consent-based processing; you object to the processing under certain rules of the applicable data protection legislation; the processing is for direct marketing purposes; and the Personal Information has been processed unlawfully. However, there are exclusions from the right to erasure. The general exclusions include, where the processing is necessary: to exercise the right to freedom of expression and information; to comply with a legal obligation; or for the establishment, exercise or defence of legal claims.

In certain circumstances, you have the right to restrict the processing of your Personal Information. These circumstances are: you contest the accuracy of the Personal Information; the processing is unlawful, but you object to erasure; we no longer need the Personal Information for the purposes of our processing, but you need the Personal Information for the establishment, exercise or defence of legal claims; and you have objected to the processing, pending verification of that objection. Where the processing has been restricted on this basis, we may continue to store your Personal Information. However, we will only process it otherwise with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.

You have the right to object to our processing of your Personal Information on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any public authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the Personal Information, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.

You have the right to object to the processing of your Personal Information for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your Personal Information for this purpose.

You have the right to object to our processing of your Personal Information for scientific or historical research purposes or for statistical purposes on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest or your Personal Information is removed and redacted.

To the extent that the legal basis for our processing of your Personal Information is:

  1. consent; or
  2. that the processing is necessary for the performance of a contract to which you are a party or in order to take steps prior to entering into a contract, and this processing is carried out by automated means, you have the right to receive your Personal Information from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.

To the extent that the legal basis for the processing of your Personal Information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of the processing before the withdrawal.

12. Third-party websites

Our website includes hyperlinks that provide access to the websites of other companies that are not subject to the terms of this Policy. We have no control over, and are not responsible for, the privacy policies and practices of other companies.

Third-party websites may request and collect information about you, including Personal Information, and in certain cases inform us of your activities on those websites. We recommend that you consult the privacy policy of each third-party website that you visit by clicking on the "Privacy Policy" link generally located at the bottom of the web page that you are viewing.

13. Children's Personal Information

Our website and our services are intended for persons over the age of 16. If we have reason to believe that we hold the Personal Information of a person under this age in our databases, we will delete that Personal Information.

14. Updating your Personal Information

Please let us know if the Personal Information that we hold about you needs to be corrected or updated.

15. Personal Information collected automatically through our website – Cookies

A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.

Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless it is deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user's session, when the web browser is closed.

Cookies generally do not contain any information that personally identifies a user, but the Personal Information that we store about you may be linked to the information stored in and obtained from cookies.

We use cookies for the following purposes:

  1. Authentication and status – We use cookies to identify you when you visit our website and when you navigate our website, and to help us determine whether you are logged in to our website;
  2. Personalization – We use cookies to store information about your preferences and to personalize our website for you;
  3. Security – We use cookies as an element of the security measures used to protect user accounts, including the prevention of the fraudulent use of login credentials, and to protect our website and our services in general;
  4. Analytics – We use cookies to help us analyze the use and performance of our website and our services.

We use Google Analytics. Google Analytics collects information about the use of our website by means of cookies. The information collected is used to create reports about the use of our website. You can learn more about Google's use of information by visiting https://www.google.com/policies/privacy/partners/ and you can consult Google's privacy policy at https://policies.google.com/privacy.

We use Microsoft Clarity. Microsoft Clarity collects information about the use of our website by means of cookies and similar technologies. The information collected is used to analyze the use of the website, improve its performance and the user experience, in particular by means of behavioural analytics such as clicks, scrolling and interactions with pages. You can learn more about Microsoft Clarity's use of information by consulting its applicable terms and policies at the following address: https://clarity.microsoft.com/terms.

We use a Facebook pixel on our website. Using the pixel, Facebook collects information about users and the use of our website. The information is used to personalize Facebook advertisements and to analyze the use of our website. To learn more about the Facebook pixel and Facebook's use of Personal Information in general, consult Facebook's cookie policy at https://www.facebook.com/policies/cookies/ and Facebook's privacy policy at https://www.facebook.com/about/privacy. Facebook's cookie policy includes information about controlling Facebook's use of cookies to show you advertisements. If you are a registered Facebook user, you can adjust ad targeting by following the instructions at https://www.facebook.com/help/568137493302217.

Our service providers use cookies and these cookies may be stored on your computer when you visit our website.

16. Managing cookies

Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from one browser to another and from one version to another. You can, however, obtain up-to-date information about blocking and deleting cookies through these links:

  1. https://support.google.com/chrome/answer/95647 (Chrome);
  2. https://support.mozilla.org/fr/kb/activer-desactiver-cookies-preferences (Firefox);
  3. https://help.opera.com/en/latest/security-and-privacy/ (Opera);
  4. https://support.microsoft.com/fr-fr/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer);
  5. https://support.apple.com/fr-ca/guide/safari/sfri11471/mac (Safari); and
  6. https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy (Edge).

Blocking all cookies will have a negative impact on the usability of many websites.

If you block cookies, you will not be able to use all the features of our website.

17. Amendments

Amélio may, at its discretion, amend the Policy from time to time by publishing a new version on our website. If a significant change is made to the Policy, you will be informed of it, where applicable.

Once you have been informed, continued use of the services provided by Amélio, after the amended Policy takes effect, constitutes your consent to this Policy as amended.

18. Handling of complaints

If you consider that the processing of your Personal Information infringes the Act, you have a legal right to lodge a complaint with a supervisory authority responsible for the protection of information.

For any complaint relating to the protection of your Personal Information or its use by Amélio, please contact our Officer at the following address: [email protected]. The Officer will respond to your complaint by email as soon as possible.

If you reside in the European Union and you are not satisfied with the way we have handled a complaint that you submitted to us, you have the right to contact your local data protection supervisory authority.

19. Roles and responsibilities of staff members

Only employees authorized by the Company have access to your Personal Information. Authorized employees means the employees of the Company who need to know or access your Personal Information to enable the Company to provide its services.

The Officer ensures compliance with and the implementation of this Policy. The Officer also ensures that all authorized employees of the Company have read the Policy and that they use Personal Information in accordance with the provisions hereof.

20. Precedence

In the event of any inconsistency between this Policy and the Act, the provisions of the latter shall prevail.