Privacy Policy

Last updated April 13, 2023

Preamble

Gradiant collects, uses, and discloses information for the purpose of delivering our consulting services and developing software solutions. Privacy matters to us, and professional secrecy is a key element of our relationships with clients. We comply with the highest ethical standards when handling any information, especially personal information.
This Personal Information Protection Policy, required under Law 25, is intended to inform Gradiant website users about:

  • How their personal data is collected. Under the Act modernizing legislative provisions as regards the protection of personal information (Law 25), “personal data” refers to any information that can identify a user. This may include: first and last name, age, mailing or email address, location, or IP address (non-exhaustive list);
  • The rights they have regarding this data;
  • The person responsible for processing the personal data collected and processed;
  • The recipients of this personal data;
  • The website’s cookie policy.

In accordance with applicable law, at Gradiant, personal information is:

  • information about a natural person that makes it possible to identify them. It is confidential. Except in specific cases, it cannot be disclosed without the consent of the person concerned.
  • processed lawfully, fairly, and transparently with respect to the person concerned;
  • collected for specified, explicit, and legitimate purposes;
  • adequate, relevant, and limited to what is necessary for the purposes for which it is collected;
  • accurate and, where necessary, kept up to date. Reasonable steps must be taken to ensure that personal information that is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without undue delay;
  • kept in a form that permits identification of the persons concerned for no longer than is necessary for the purposes for which it is processed;
  • processed in a manner that ensures appropriate security of the personal information collected, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, through appropriate technical or organizational measures.

Processing is lawful only if, and to the extent that, at least one of the following conditions is met:

  • The person concerned has consented to the processing of their personal information for one or more specific purposes;
  • Processing is necessary for the performance of a contract to which the person concerned is party, or to take steps at their request prior to entering into a contract;
  • Processing is necessary for compliance with a legal obligation to which the controller is subject;
  • Processing is necessary to protect the vital interests of the person concerned or of another natural person;
  • Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, unless such interests are overridden by the interests or fundamental rights and freedoms of the person concerned requiring protection of personal information, in particular where the person concerned is a child.

Article 3.1: Collection of your personal information

When you visit our Website, and when you communicate with us in person or by any means, we collect certain personal information about you.

  • We may collect and process various types of personal information in the course of our activities and service delivery, including:
  • identity information, such as a first or last name;
  • contact details, such as a name, address, email address, and phone number;
  • biographical information, such as a job title, employer name, photos, and video, audio, or other media content;
  • marketing and communication preferences, as well as related information such as dietary preferences, feedback, and survey responses;
  • billing and financial information, such as a billing address, bank account information, or payment details;
  • service-related information, such as details about services we have provided to you;
  • recruitment-related information, such as a resume, education and work history, details about professional affiliations, and other information relevant to a potential recruitment by Gradiant or a potential association with Gradiant;
  • website usage and other technical information, such as details about visits to our websites, your interaction with our advertising and online content, or information collected through cookies and other tracking technologies;
  • information provided by or on behalf of Gradiant’s clients and employees, or generated in the course of our services, which may, where relevant, include special categories of personal information (including racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, health, sexual orientation, etc.);
  • identification and other due diligence data, such as a copy of a driver’s license, passport, or utility bill, proof of beneficial ownership, or information about the source of funds, required to comply with anti–money laundering laws and collected as part of our client onboarding and ongoing monitoring procedures;
  • any other personal information provided. Please note that if you provide us with personal information about other individuals (such as your clients, administrators, officers, shareholders, or beneficial owners), you must ensure that you have properly informed them that you are providing their information to us and obtained their consent for such disclosure;
  • where applicable, evidence of the consent given to us (date, time, method), in circumstances where such consent is required for processing personal information;
  • when we require specific personal information within the meaning of applicable law.
  • We do not knowingly collect information from children or other persons under the age of 14. If you are under 14, please do not provide personal information without the express consent of a parent or guardian. If you are a parent or guardian and you know that your child has provided us with personal information, please contact us at mesdonnees@gradiant.ai or using the contact details below (Article 5). If we learn that we have collected personal information from minors without verifying parental consent, we will take steps to delete that information from our servers.

Article 3.2: How can you give or withdraw your consent?

By using our services and visiting our Website, you consent to the collection, use, and disclosure of your personal information as described in this Policy. In some cases, your consent may be “implied,” meaning your permission is inferred based on your action or inaction at the time your personal information is collected, used, or disclosed.

As a general rule, we will ask for your consent whenever we want to use your personal information for a new purpose or for a purpose other than those set out in this Policy or otherwise disclosed at the time of collection—for example, through a specific consent form or through terms specific to a service you subscribe to.

You may withdraw your consent at any time, subject to limited exceptions, including where we are bound by legal or regulatory requirements or where you have contractual obligations toward us. To withdraw your consent, please contact us using the details provided in Article 6, “How to contact us?”.

If you choose not to provide certain personal information, or if you withdraw your consent where this is possible, we may not be able to provide you with our services.

Article 3.3. Use of your personal information

We use your personal information to provide and improve our services. We also use it to meet our legal obligations. We may use personal information in any of the ways set out below, with your consent or, where applicable, on another legal basis under applicable law. In each case, we specify the purposes for which we use your personal information:

  • To provide our services and conduct our business, to administer and perform our services, including to meet obligations arising from any agreement between you and us.
  • To respond to information requests or other inquiries from people who visit our Website.
  • To facilitate your use of our Website, ensure content is relevant, and present our website content in the most effective way for you and your device.
  • For marketing and business development purposes—to share information about new services, updates relevant to your sector, and invitations to seminars and events when a person has chosen to receive such information.
  • For research and development (including security)—to perform analyses that help us better understand client service and marketing needs, understand our business, and develop our services and offerings. You may unsubscribe at any time;
  • For recruitment purposes—to process job applications and assess whether a person meets the requirements for a position they may apply for at Gradiant.
  • To meet legal, regulatory, or risk-management obligations—to comply with legal requirements (conduct client due diligence / obtain information about a client, detect anti-corruption, sanctions, and reputational risks, and identify conflicts of interest).
  • To prevent fraud and/or carry out other background checks that may be required at any time under applicable law or regulations and/or best practices (if false or inaccurate information is provided or fraud is detected or suspected, information may be shared with fraud-prevention agencies and may be recorded by us or by such agencies).
  • To enforce our rights, meet our legal or regulatory disclosure obligations, and/or protect the rights of third parties.

Article 4.1: Data controller

We follow generally accepted private-sector standards to protect the information submitted to us, both during transmission and once we have received it. We maintain appropriate physical, technical, and administrative safeguards to protect personal information against accidental or unlawful destruction, accidental loss, alteration, unauthorized disclosure or access, misuse, or any other illegal form of processing. We have taken measures to ensure that only Gradiant staff members bound by confidentiality who need to know your personal information—or whose duties reasonably require it—have access to it. We also use these safeguards when we dispose of or destroy your personal information.

However, no method of transmission over the Internet and no electronic storage method is 100% secure. We therefore cannot ensure or guarantee the security of information you transmit to us, and you do so at your own risk. We also cannot guarantee that such information will not be accessed, obtained, disclosed, altered, or destroyed as a result of a breach of our physical, technical, or administrative safeguards. If you have reason to believe that personal information has been compromised, please contact us using the details provided in Article 6, “How to contact us?”.

Article 4.2. Where and how long do we keep your personal information?


We will retain personal information only for as long as necessary to fulfill the purposes set out in this Personal Information Protection Policy and to comply with our legal and regulatory obligations. To learn more about how long we keep personal information, please contact us using the details provided in Article 6, “How to contact us?”. 

When we no longer need it, we securely destroy your personal information or anonymize it (so that it can no longer identify you).

We use all reasonable security measures—which may include imposing contractual obligations on our service providers—to protect your personal information wherever it is used or stored. Your personal information is currently hosted in Canada.

Article 5.1: Person responsible for data processing

Personal information is collected by Gradiant.
The person responsible for Personal Information Protection is: Jonas Isenegger, and can be reached as follows:
By email: mesdonnees@gradiant.ai

Article 5.2: Data protection delegate

The person responsible for Personal Information Protection may delegate responsibilities to:
Gaëlle Ramboanasolo, gaelle@gradiant.ai
If you believe, after contacting us, that your rights “within the meaning of Law 25” are not being respected, you may file a complaint with the Commission d’accès à l’information du Québec.

Any user concerned by the processing of their personal data may exercise the following rights under Law 25:

  • Right of access, rectification, and erasure of data;
  • Right to data portability;
  • Right to restrict processing and to object to processing;
  • Right not to be subject to a decision based solely on automated processing;
  • Right to determine what happens to data after death;

To exercise your rights, please contact Gradiant AI by email at mesdonnees@gradiant.ai

Gradiant reserves the right to modify this Policy at any time to ensure it remains compliant with applicable law.
Any changes will not affect transactions previously carried out with Gradiant, which will remain subject to the Policy in effect at the time of purchase and as accepted by the user.
Users are encouraged to review this Policy each time they use our services; formal notice is not required.
This Policy, issued on April 14, 2023, was updated on April 14, 2023.