Privacy is important to Ora d’Oro Interiors (hereinafter “Ora d’Oro“, “we“, “our“). For this reason, we adhere to principles and best practices that we implement when we collect, use, communicate, retain, or destroy the Personal information of individuals in contact with us. This enables us to implement safeguards and sound Personal information management practices in compliance with applicable laws, notably the Act respecting the protection of personal information in the private sector. To this end, we have created a Personal information governance structure, including the appointment of a Data Privacy Officer.

This Personal information protection and confidentiality policy (the “Policy“) will help you better understand this structure.

This Policy does not apply to information that does not constitute Personal information as defined by law.

Purpose of this Policy 

This Policy tells you what Personal information we collect by technological or other means, how we process it, and when we need to share it with subcontractors or third parties. 

We have included definitions to help you better understand the scope of this Policy.

1. DEFINITIONS

Here are a few definitions to help you better understand: 

Processing activity or Processing: any operation carried out on or with Personal information during its life cycle, whether or not by automated means, beginning with collection, then use, communication, retention and finally destruction, as well as all activities related to these operations. 

Anonymize: act on Personal information about an individual in such a way that this individual can never again be directly or indirectly identified, and this in an irreversible way

Depersonalize: delete, replace or remove all information that allows direct identification of the person concerned.  If obvious names and identifiers are replaced, this will ensure that the person concerned can no longer be directly identified. This can be achieved through techniques such as truncation, noise addition, the use of encryption tools, the reduction of the level of granularity of information or a combination of these and/or the use of additional techniques.

Privacy Impact Assessment or PIA: an approach designed to assess Processing activities and their necessity, which are proportionate to the purpose sought, and to ensure that Processing is not likely to infringe an individual’s privacy. 

Confidentiality incident: any unauthorized access, use or disclosure of Personal Information, as well as its loss or any other form of breach of its protection or confidentiality.

Pseudonymization: a reversible security process that consists in replacing information easily attributable to an individual, or elements that distinguish him or her from others, with unique information, so that the original data is no longer directly linked to this individual.  Direct identifiers are replaced by aliases, allowing only indirect identification of the person concerned, and only by those in possession of the key associating the alias with the Personal Information (an alias or a reference number or code). 

Personal information: means any information that relates to a natural person and enables that person to be identified directly or indirectly, i.e. that reveals, directly or indirectly or by reference, something about that person’s identity, characteristics, activities, location or other identifiable information, whatever the nature of the medium and whatever the form in which this information is accessible (written, graphic, sound, visual, computerized or other). In all cases, this includes Sensitive Personal information. This could be a name, e-mail address, telephone number, the number of your bank account where debits are made for payment of services, or even your state of health.

Sensitive Personal information: Personal information which, by its nature or the context in which it is used or communicated, gives rise to a high degree of reasonable expectation of protection on the part of the person concerned (for example, medical, biometric, genetic or financial information, or information about life or sexual orientation, religious or philosophical beliefs, trade-union affiliation or ethnic origin).

Data Privacy Officer: The person designated to ensure privacy protection (DPO).

2. CONTACT US

Any question, comment, request, concern, exercise of a right or filing of a complaint regarding this Personal information protection and confidentiality policy should be forwarded to the Data Privacy Officer at the following coordinates:

E-mail : [email protected]

3. Consent to the collection of Personal information for specific purposes

By providing us with Personal information, you authorize us to proceed to the collection and processing of your Personal information that is necessary to provide you with services. Personal information shall only be collected and processed for the legitimate and necessary purposes for which it was originally collected. Also, before collecting, using or communicating Personal information, we obtain valid consent from the person concerned.  For this reason, we seek consent explicitly, subject to situations where consent may be implied by law.  However, consent must be given expressly if it concerns sensitive Personal information. 

In the interest of transparency, and before collecting any Personal information, we would like to provide you with the following minimum information:

• The legitimate purposes for which the information is collected;
• The means by which information is collected; 
• Your statutory rights of access and rectification; 
• Your right to withdraw your consent to the disclosure or use of this information; 
• The name of the third party for whom the data is collected, if applicable; 
• The possibility that information may be disclosed outside Quebec & Ontario, if applicable. 
• The possibility that information may be shared with service providers or similar third parties;
• How long this information will be kept (on request); 
• DPO contact details.

In addition, at any time and upon your request, we will inform you of the Personal information you have communicated to us and the categories of persons who have access to this Personal information.

Personal information must be collected and used for specific, explicit and legitimate purposes, i.e. directly related to and manifestly necessary for the performance of the processing activities for which it has been communicated.

If Personal information is to be used for a secondary or other purpose, additional consent is required. This consent, written simply and clearly, will include the original purpose for which the information was collected, the new purpose(s) (or secondary purposes) and the reason for the change in purpose(s). 

Consent to collection is valid only for the time necessary to achieve the purposes for which it was requested. 

Proof that consent has been validly obtained is retained.

The DPO is responsible for ensuring that the rules for obtaining consent are complied with in a legal and appropriate manner.

We want you to know that you are always in control of your Personal information and that you can refuse to allow us to collect Personal information about you.  To do so, simply let us know.

The consent you give us to collect or process your Personal information may be withdrawn at any time. We will respect your choice in accordance with our legal obligations. 

In the course of our activities, we collect and use Personal information by specified means such as :

• When communicating in person, by phone or by e-mail;
• On submission of any duly completed form, including our website contact contact form;
• When using our website: www.ora-doro.com;
• During social media interactions, by direct messages through Instagram and Messenger.

4. NECESSARY PERSONAL INFORMATION COLLECTED

We limit the collection of Personal information to that which is necessary for us to provide you with our services or as permitted by law. 

The Personal information we collect includes:

• Contact information, such as your first and last name, postal address, e-mail address and telephone number, to create a file with us;
• Service-related information, such as information about the services provided to you;
• Site photos.

Publications on social networks

A customer has the possibility, via any external website such as Facebook or Instagram, to make comments about Ora d’Oro. We remind you that we cannot be held responsible for the content of these comments, nor for any consequences that may arise from them. 

5. USE OF PERSONAL INFORMATION

In general, we only use your Personal information for the purposes permitted or required by law or for the following purposes: 

• Offer or improve our products and services or develop new products and services according to your needs;
• Operate, maintain, supervise, develop, improve and offer all the functionalities of our website;
• Answer your questions, collect your opinions and comments, or provide you with assistance when needed;
• To verify your identity if required to comply with our obligations under applicable laws and regulations;
• Send messages, updates, security alerts or communications as required by law; 
• Administer a promotion, survey or other feature of the website or our services;
• Conduct research and analysis related to our services;
• Detect and prevent fraud, errors, spam, abuse, security incidents and other harmful activities;
• Establish, exercise or defend a right or legal claim. 

We will always respect the purposes for which we have collected your Personal information. If we wish to use or disclose your Personal information for other purposes, we will seek your consent, except as permitted by law. 

6. DISCLOSURE OF PERSONAL INFORMATION

In the course of our activities, we make your Personal information available to our consultants or subcontractors, only insofar as their duties so require.

Although we try to avoid sharing your Personal information with third parties, we may use service providers to perform various services on our behalf, such as IT management and security, and the analysis, hosting and storage of data. In such circumstances, we provide only the Personal information necessary for the performance of their mandate, and we undertake to ensure that the principles set out in this Policy are respected. 

In addition, these service providers provide us with sufficient guarantees that they have implemented adequate safeguards for the protection of your processed or communicated Personal information, before Ora d’Oro communicates them to those service providers. When our service providers no longer need your Personal information, we ask them to destroy it in an appropriate manner. 

Before transferring Personal information to a service provider or business partner, we ensure that a written agreement is in place with this third party. This agreement must include certain clauses, such as:

• A description of the measures taken by the service provider to protect the confidentiality of the Personal information communicated (e.g. a description of security measures); 
• An undertaking by the service provider to use the Personal information only for the purposes of providing the services and not to retain such information after the expiry of the contract; and 
• The service provider’s obligation to promptly notify us of any breach or attempted breach of confidentiality to allow us to carry out any investigation or verification relating to this violation. 

The DPO analyzes the risks related to the disclosure of Personal information and proceeds with the disclosure only if it is convinced, based on a privacy impact assessment, that the disclosure will not infringe the privacy of the person concerned. This is also the case when required by law or as part of a commercial transaction.

The Personal information we collect and store is protected and securely hosted on servers that may be located outside of Quebec & Ontario, notably elsewhere in Canada and in the United States. 

We do not sell, trade or otherwise disclose your Personal information to third parties, subject to exceptions provided by law.

7. RETENTION OF PERSONAL INFORMATION

Subject to applicable law, we retain your Personal information only as long as necessary for the fulfillment of the purposes for which it was collected, unless you consent to your Personal information being used or processed for another purpose. After that time, your Personal information will be destroyed or securely anonymized.

For more information on how long your Personal information is kept, please contact us as indicated in the “Contact us” section.

8. RIGHTS REGARDING PERSONAL INFORMATION

You have the following rights:

• The right to be informed of the Personal information we hold about you and to request a paper copy of documents containing your Personal information, subject to exceptions provided by applicable law;
• The right to have the Personal information we hold about you rectified, amended and updated if it is incomplete, ambiguous, out of date or inaccurate;
• The right to withdraw or change your consent to the collection, use, disclosure or retention of your Personal information at any time, subject to applicable legal and contractual restrictions.
• The right to ask us to stop distributing your Personal information and to de-index any link attached to your name that gives access to this information if such distribution contravenes the law or a court order;
• The right to lodge a complaint with us or with the Quebec Commission d’accès à l’information, subject to the conditions stipulated by the applicable law.

In order to respond to your request, you may be asked to provide appropriate identification or to identify yourself in some other way, as required by law.

To exercise any of these rights, please contact us as indicated in the “Contact us” section.

9. PROTECTION OF PERSONAL INFORMATION

The responsibility of ensuring the protection and proper Processing of Personal information rests with us and any person working with or on behalf of Ora d’Oro who has access to the Personal information.

The main responsibilities for the governance and management of Personal information lie with the following organizational roles:

The DPO is responsible for the following tasks: 

• Manage and implement the Information Governance Program; 

• Develop and monitor policies and practices regarding the protection of Personal information;

• Monitor and analyze applicable privacy laws, as well as changes being considered or introduced by legislators; 
• Develop and maintain compliance requirements to meet our Personal information protection objectives.

We have implemented physical, technological and organizational security measures to adequately protect the confidentiality and security of your Personal information against loss, theft or any unauthorized access, disclosure, reproduction, communication, use or modification . These measures include controlling access to our premises, offices and equipment, as well as adopting a governance system aimed at the secure storage and destruction of your Personal information. 

Despite the adoption of such measures, we cannot guarantee the absolute security of your Personal information. If you have reason to believe that your Personal information is no longer secure, please contact us immediately as indicated in the “Contact Us” section.

10.Limitation of liability, confidentiality incident reporting, complaints and response 

We pledge to take all reasonable steps to ensure the confidentiality and security of Personal information in accordance with technological standards appropriate to our sector of activity. 

Notwithstanding the foregoing, you declare that you understand and acknowledge that no institution or computer system offers absolute security and that there is always some degree of risk involved in transmitting Personal information, including over the public network that is the Internet. 

You hereby agree that Ora d’Oro shall not be held liable for any breach of confidentiality, hacking, virus, loss, theft, misuse or alteration of Personal information transmitted or hosted on its systems or those of a third party. You also waive any claim in this regard, except in the case of gross negligence or intentional misconduct on the part of Ora d’Oro. Accordingly, you agree to hold Ora d’Oro and its business partners harmless from any damages of any kind, whether direct or indirect, incidental, special or consequential, arising out of or in connection with the use of your Personal information. 

In the event of a breach of the confidentiality or security of your Personal information that presents a high risk to your rights and freedom, you will be notified of such breach as soon as possible and Ora d’Oro will take the necessary measures to preserve the confidentiality and security of your Personal information.  

Any individual whose personal information is affected by an actual or apprehended Confidentiality incident may also file a complaint, which will be handled in accordance with the Complaint and Data Incident Response and Notification Procedure.

We will also notify the authorities and all concerned persons after investigation, if a risk of serious prejudice is apprehended, taking into account the sensitivity of the information concerned, the apprehended consequences of its use and the likelihood that it will be used for prejudicial purposes. 

11. COOKIES

We use cookies and other similar technologies (collectively, “Cookies“) to help us operate, protect and optimize the website and services we offer and to make browsing more useful and reliable. You can set your browser to notify you when Cookies are set on your visit to the website, so that you can decide in each case whether or not to accept the use of some or all Cookies.

The Cookies used on our website include the following:

• Essential or technical Cookies: these are Cookies that are essential to the operation of the website, enabling good communication and facilitating navigation.  They are also known as functionality Cookies and enable the website to communicate effectively and facilitate navigation by remembering the choices you make (such as  your preferred language, etc.) to provide you with a personalized and enhanced experience on future visits.
• Statistical or analytical Cookies: these Cookies enable us to recognize and count the number of visitors to our site, and to monitor their browsing behavior. This makes it easier for users to find what they’re looking for.
• Performance Cookies: these Cookies collect information about how visitors use the website. They enable us to evaluate and improve the content and performance of the website (e.g. by counting the number of visitors, identifying the most popular pages or clicks), and to better match commercial proposals to the user’s personal preferences.
• Tracking Cookies (Google Analytics): the website uses tracking Cookies via Google Analytics, in order to help us measure the ways in which users interact with website content, and which generates visit statistics. These statistics enable us to continually improve the website and offer users relevant content. We use Google Analytics to gain an overview of website traffic, the origin of this traffic and the pages visited. This means that Google acts as a subcontractor. The information gathered by Google Analytics is generated as anonymously as possible. For example, it is not possible to individually identify visitors to the website. For further information, users are invited to consult Google’s data protection policy, available at the following address: http://www.google.nl/intl/en_uk/policies/privacy/

The length of time Cookies are retained varies according to their type: essential Cookies are generally retained until the browser is closed, while functional Cookies are retained for 1 year and performance Cookies for 4 years.

We authorize public search engines to visit the website via web crawlers for the sole purpose of making access and content of the website available via their search engines, without granting us the right to archive the website.

12. COOKIE MANAGEMENT

Most browsers are configured to accept Cookies automatically, but all allow you to customize the settings according to your preferences.

If you do not want the website to place Cookies on your computer or mobile device, you can easily manage or delete them by modifying your browser settings.

You can also set your browser to notify you when it receives a Cookie, so that you can decide whether or not to accept it.

If you wish to block and/or manage certain Cookies, you can do so by following the link for your browser:

• Internet Explorer : http://windows.microsoft.com/en-us/windows-vista/block-or-allow-cookies 
• Chrome : https://support.google.com/accounts/answer/61416?hl=en 
• Firefox : https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences  
• Safari : http://support.apple.com/kb/PH5042   

If you do not wish to accept Cookies, you can indicate this via the message concerning Cookies that appears on your first visit to the website, or by customizing your browser settings so that it refuses Cookies.

To stop being tracked by Google Analytics on any website, please visit the following website: https://tools.google.com/dlpage/gaoptout?hl=fr

If you deactivate certain Cookies, it is possible that some parts of the website may not be accessible and/or usable, or may only be partially accessible and/or usable.

13. Audit 

The DPO responsible for conducting an annual audit of the measures put in place to implement and comply with this Policy.

14. conflicts

The purpose of this Policy is to comply with the laws, regulations and business agreements that apply to Ora d’Oro in the course of its operations. In the event of any conflict between this Policy and applicable laws and regulations, the latter shall prevail.

 

15. Consultants, subcontractors, agents

If Ora d’Oro hires a consultant, agent or subcontractor, the latter must also respect and apply this Policy when carrying out a Personal information Processing activity.

 

16. Updating this Policy 

We reserve the right to modify this Policy at any time in accordance with applicable law. In the event of a change, we will notify you that the Policy has been modified, indicate the general purpose of the changes made and update the Policy’s current date.

17. Validity 

This document takes effect on February 17, 2025.