PURPOSE

The term “Website” refers to the site accessible at baseline.quebec and all its subdomains.

The term “Baseline” refers to the La coopérative de solidarité Baseline en intelligence artificielle. For purposes of this Policy, Baseline also includes its suppliers or licensors, and their respective employees, officers, directors, shareholders, agents, subcontractors and other representatives. The terms “we,” “us,” or “our” also refer to Baseline.

The term “personal information” means any information about an individual from which that person can be identified. This does not include information from which the identity has been removed (anonymous data).

We collect the personal information you provide us in several ways, described in the following three subsections.

Through Direct Communication

Direct communication includes, but is not limited to:

• Communication with us through a form available on the Website;
• Communication with us about the services and products we offer;
• Communication with us to ask a question, submit a comment or making a complaint (customer service);
• Use of social media.

Through automated technologies or interactions

When you use our Website, we automatically collect certain technical data (more fully described below) about your equipment and web browser.

Our Website uses a technology called “web beacons” or “invisible pixels”. This technology allows us to understand which pages of our Website you are visiting. We use these Internet tags to optimize and tailor our Website for you and other potential visitors. We may also collect certain technical information about you if you visit other websites that use our cookies.

Through Third Parties

We may obtain information about you from other sources, including customers, service providers and business partners, and combine that information with information we have collected about you. For example, we may use third parties, such as Google, to:

• Perform remarketing, which is advertising to people who have previously visited our Website, on websites other than our own, including through Google Analytics (a web analytics solution). In such a case, the third parties involved, including Google, may serve our advertisements on sites across the Internet;
• Use the following Google Analytics features: reporting on the recorded impressions of our advertisements (i.e., a solution for placing advertisements on a variety of news, blog and other specialized websites) to attract more potential customers; integration with any management tool that has a set of features used for serving, targeting, verifying and reporting on advertisements for our advertising campaigns on websites and mobile devices; and reporting on user demographics and interests;
• To collect, analyze and/or aggregate your Personal Information (such as IP address, gender, age and interests), including through the creation of reports on visitor demographics and interests, to help us understand how visitors interact with our Website and to improve our Website and our products and services.

The remarketing companies may combine the use of first-party cookies (e.g., the Google Analytics cookie) and third-party cookies (e.g., the DoubleClick cookie) to: Collect personal information. Inform, optimize, and serve advertisements based on your previous visits to our Website. Determine the relationship between visits to our Website and ad impressions, other uses of advertising services, and interactions with those ad impressions and advertising services. These companies may also use Internet tags or web beacons to report certain information about your visits to our Website and to websites that link to and advertise on our Website to measure our advertisements’ effectiveness.

We may collect, use, store and transfer various types of personal information about you, which we have grouped as follows:

• Contact information includes first name, last name, email address, title, phone number, mailing address and contact preferences;
• Social media data includes information associated with any social media account you have, and the profile associated with it, such as name, username, email address, profile picture, date of birth and gender;
• Technical data includes your IP (Internet Protocol) address, login data, number of clicks and other related information, such as the websites you visited immediately before and after visiting our Website, your time zone and geographic settings, the Internet service provider you use and other technologies on the devices you use to access our Website;
• Usage data includes the number of visits to our Websites, the date and average time spent on our Websites, and information about how you use our products and services;
• Marketing and communication data includes your preferences for receiving marketing from us and related third parties and your communication preferences.

For example, you may be asked for certain information when you visit the Website, such as your name and email address, when you choose to contact or otherwise engage with us through one of the various means available on our Website.

We also collect, use, store and share aggregate information, such as statistical or demographic information. Aggregate information may be derived from your personal information, but it is not considered personal if it does not reveal your identity directly or indirectly. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific feature of our Website. However, suppose we combine or connect aggregated information with your personal information to directly or indirectly identify you. In that case, we treat it as personal information to be used per this Policy.

We limit the collection of personal information to what is reasonably required to fulfill the purposes for which it is collected. We will often use your personal information in the circumstances described below.

• When we need to perform the contract, we are about to enter into or have entered into with you: contract fulfillment means processing your personal information when it is necessary for the fulfillment of a contract to which you are a party or to take steps on your behalf and at your request before entering into such a contract;
• When it is necessary for our legitimate interests (or those of a third party), and your interests and fundamental rights do not override those interests. A legitimate interest is Baseline’s interest in conducting and managing our business to enable us to give you the best service or product. This includes the need to communicate with you and maintain a cordial relationship.
  We make sure to consider and adjust any potential impact on you (both positive and negative) and your rights before processing your personal information for our legitimate interests. We do not use your personal information for activities in relation to which our interests are outweighed by the impact on you (unless we have your consent or are required or permitted by law). You can obtain more information about how we assess our legitimate interests in relation to any potential impact on you in relation to specific activities by contacting our Privacy Officer.
• When we have to comply with a legal obligation: complying with a legal obligation means processing your personal information when it is necessary to comply with a legal obligation to which we are subject

The personal information we collect may be collected or used by Baseline and may also be shared internally to enable us to properly respond to your requests, communicate with you or assist you for the purposes described in this Privacy Policy.

We describe below all the ways in which we plan to use your personal information and the legal grounds upon which we do so. We have also identified our legitimate interests, when applicable. Note that we may process your personal information for more than one legitimate purpose, depending on the specific purpose for which we use your information.

• Communication with us through the form available on the Website. We use the information you provide in the form to respond to your inquiry, be it about our services or otherwise, which constitutes a legitimate interest.

  By submitting the form to Baseline, you are giving us your implied consent to retain and use the information contained in the form.

• Social Media. We may offer you the opportunity to enjoy our content from or through third-party networking sites, plugins and applications. When you enjoy our content in this manner, you may also allow us to access certain information associated with your social media accounts (e.g., your name, username, email address, profile picture, and gender) for the purpose of disseminating content or in connection with the operation of our Website, plugins, and applications. In addition, when you provide information about your social media accounts, we may use that information to personalize your experience on our Website and on third-party networking websites, plugins and applications and to provide you with other products or services you may request.

  This constitutes a legitimate interest in analyzing how our customers (current or potential) use our products and services, improving our marketing strategies, developing our product and service offerings, and operating and growing our business.

• Visiting our Websites. When you visit our Website, Baseline will collect certain information about you. For example, we collect the IP (Internet Protocol) addresses of all visitors to our Website, clickstream data, and other information such as the number of times you have visited our Website and the date and average time you spent on our Website. We use this information to administer our Website, monitor and improve our services and Website, determine how our Website is used, understand which portions of our Website are popular, and analyze trends and usage patterns.

  This information is necessary for our legitimate interests in operating our business, providing administrative and technical services, preventing fraud, and complying with legal requirements.

• Customer Relationship Management (CRM) databases. When you participate in any of the activities described above, we collect the personal information provided in connection with those activities to supplement and update our customer relationship management (CRM) databases. In this context, the personal information collected is used to generate reports for internal use about Baseline’s relationships with its customers or potential customers to monitor and improve our product and service offerings and our Website.

  This is a legitimate interest in analyzing how our customers (or potential customers) use our products and services, improving our marketing strategies, developing our product and service offerings, and operating and growing our business.

Don’t hesitate to contact us if you need more details on the legal ground on which we rely to process your personal information.

Except as explicitly stated in this Policy, we do not sell, rent, transfer or disclose your personal information to third parties for undisclosed purposes without your consent. Access to your personal information is restricted to Baseline staff, management and marketing team members who need access to your personal data to perform their duties for Baseline.

We may share some of your personal information to which we have access with various third parties, depending on the context. Here are the three types of actors to whom we may transfer your data:

• To service providers, that is, third parties who provide services on our behalf in Canada, the United States, or abroad, including Google, to use the various Google Analytics features described herein. We provide our service providers with the information they need to fulfill their mandate, and we do not authorize them to use or disclose this personal information for their own commercial or other purposes;
• To entities, organizations and authorities for legal purposes. That is, we and our third-party service providers may disclose your personal information in response to a search warrant or other lawful request or order, or in response to an investigative body for breach of an agreement or contravention of law, or as otherwise required or permitted by law. We may also disclose personal information as necessary to assert or defend legal claims, or to prevent actual or perceived loss or injury to persons or property;
• To another entity in the event that we sell all or part of our business or if we sell or transfer assets or otherwise participate in a merger or business transfer. In such cases, we may transfer your personal information to a third party as part of the transaction.

We have established and maintain administrative, technical and physical safeguards to protect your personal information in our custody and control from unauthorized access, use, modification and disclosure.

We also take special measures to assess the potential risks applicable to the disclosure of your personal information. In the event of a security breach, that is, if your personal information is lost, disclosed without your authorization, or becomes accessible to an unauthorized person, we will notify you of such a breach if it poses a real risk of serious harm. For example, a real risk of serious harm includes bodily harm, humiliation, loss of professional opportunities, financial loss or identity theft. If the breach creates a real risk of serious harm, we will notify you directly as soon as possible. If we cannot notify you directly, we will notify you of the breach through public communication. We will provide you with the information necessary to understand the significance of the security breach and take the necessary steps to reduce the risk of harm that may result. We will also report the security breach to the government and any other organizations that we believe can reduce the risk of harm that may result from the breach. We maintain a record of all security breaches. Following a security breach, Baseline investigates the cause and reviews the safeguards in place to prevent future violations.

We have procedures in place regarding the retention of personal information that are designed to retain personal information only as long as necessary to fulfill the purposes described in this Privacy Policy or as otherwise required by law.

You have the following rights with respect to your personal information:

• Request access to your personal information. This allows you to receive a copy of the personal information we hold about you and to verify that we are processing it lawfully.
• To request that we correct or update the personal information we have about you. This allows you to correct or update incomplete, inaccurate or outdated information we have about you. However, we may need to verify the accuracy of the new data you provide to us.
• Request the deletion of your personal information. This allows you to ask us to delete or withdraw personal information when there is no good reason for us to continue processing it. You also have the right to ask us to delete or withdraw your personal information when you have successfully exercised your right to object to processing (see below), when we may have processed your information unlawfully or when we need to erase your personal information to comply with applicable law. Note, however, that we may not always be able to comply with your request for erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
• Objection to the processing of your personal information. When we rely on our (or a third party’s) legitimate interest, you may object to such processing when there is an element in your particular circumstances that causes you to believe that the processing violates your fundamental rights and freedoms. You also have the right to object when we process your personal information for direct marketing purposes. In some cases, we may be able to demonstrate that we have legitimate grounds for processing your information that override your rights and freedoms and, in such cases, we may decide to continue processing your personal information.
• Request to restrict the processing of your personal information. This allows you to request that we suspend the processing of your personal information in the following circumstances:
  • If you want us to verify the accuracy of the information;
  • When our use of the information is unlawful, but you do not want us to delete it;
  • If you need us to retain the information even if we no longer need it because you need it to establish, exercise or defend legal claims;
  • You have objected to the use of your information, but we need to verify that we have legitimate reasons for using it.
• Requesting the transfer of your personal information to you or a third party. We will provide you or a third party of your choice with your personal information in a structured, machine-readable, commonly used format. Note that this right applies only to automated information that you initially consented to provide to us for our use or where we have used that information to perform a contract with you.
• Withdrawing your consent when we are relying on your consent to process your personal information. This will not affect the lawfulness of any processing done before you withdrew your consent. If you withdraw your consent, we may not be able to provide you with certain products or services, which may prevent us from responding to inquiries, providing technical support or otherwise assisting you in using our products and services. We will inform you if this is the case at the time you withdraw your consent.

If you wish to exercise any of the above rights, please contact our Privacy Officer (see next section).

There is no charge to you for accessing your personal information (or for exercising any of the other rights).

If you wish to exercise any of the above rights, we may need to ask you for specific information to enable us to confirm your identity and thereby enable you to access your personal information (or exercise your other rights). This is a security measure to ensure that personal information is not disclosed to anyone who is not entitled to receive it. We may also contact you to request additional information regarding your request in order to expedite our response.

We will respond to all legitimate inquiries within thirty (30) days.

If you have any questions or comments about our handling of your personal information, including any requests to exercise your rights, or if you wish to request access to, update or correct your personal information in our possession, please contact our Privacy Officer, David Beauchemin, Baseline CEO, by e-mail at david.beauchemin@baseline.quebec.

You may also withdraw your consent to our collection, use and disclosure of your personal information at any time by using the contact information above. However, if you withdraw your consent, we may not be able to continue to respond to your requests, process any inquiries made to us, or otherwise assist you in connection with the Website.