Privacy Policy.

1.   General Information

1.1  Introduction

1.1.1    Purpose of this

This Privacy Policy (the “Policy”) describes the practices of CIS Group (“CIS Group”) regarding the collection, use, disclosure, retention, and destruction of information about an identifiable individual (“Personal Information”). For the purposes of this Policy, Personal Information does not include information related to a person’s role in an organization (such as their name, job title, work address, work email, or work phone number), as defined under the Act Respecting the Protection of Personal Information in the Private Sector.

This Policy applies to users, visitors, clients, and members (“you”, “your”) of CIS Group and the website https://cis-group.com/ (the “Website”), as well as users of our services. It does not apply to Personal Information of CIS Group employees.

1.1.2  Consent

By using the Website or any of its Services, you agree that CIS Group may collect, use, disclose, retain, and destroy your Personal Information in accordance with this Policy. If you do not accept these conditions, please do not use the Website.

You may withdraw your consent within the limits described in section 7.

You may also manage the collection and use of your Personal Information collected via cookies through our Cookie Banner.

To modify your cookie preferences, click the blue cookie icon at the bottom left of our webpages.

You may also ask your browser (e.g., Edge, Chrome, Firefox) to delete stored cookies and reconnect to the Website.

1.2  Person Responsible for the Protection of Personal Information

Any comments, questions, or complaints about the Policy or CIS Group’s privacy practices may be addressed to:

Phone: 1 888 432-1550 ext. 2244

Email: rprp@cis-group.com

Address: 55 Rue Castonguay #301, Saint-Jerome, QC J7Y 2H9

2.     Circumstances in Which We Collect, Use, or Disclose Your Personal Information

We collect, use, and disclose Personal Information in several situations. The types of Personal Information collected, the purposes, and the third parties involved vary depending on the circumstance.
We collect Personal Information:

• When you visit our Website;
• When you apply for a job;
• When you or your employer use certain Solutions;
• When you choose to contact us.

2.1  When You Visit Our Website

12.1.1   Automatically

Technical information (such as your IP address) is collected to allow you to connect to the Website and to protect it, including detecting bots attempting unauthorized access.

2.1.2   Through Cookies

When you visit the Website, cookies will automatically collect Personal Information. These are solely intended to identify “bots” or “robots” with the objective of protecting our Website and the users who use it.

The purposes of each cookie are listed in our Cookie Banner. This banner also indicates to whom the Personal Information is disclosed for the accomplishment of the different purposes listed in the Cookie Banner. You may follow the instructions listed in section 1.1.2. Consent.

To modify or review your consents regarding cookies, you may click on the small blue icon representing a cookie at the bottom left of our web pages.

Our cookies originate from and communicate Personal Information to Microsoft, WordPress and Google. To learn how these third parties will process your Personal Information, visit Microsoft’s Privacy Statement, Google’s Privacy Policy and Terms of Use, and WordPress’s Privacy Policy.

Be aware that some of these cookies perform profiling of your activities on the Internet mainly for the purpose of targeted advertising. This is the case for some Microsoft cookies.

In addition, Google Analytics cookies (_ga and ga*) may perform profiling and locate Website visitors. Google Analytics cookies allow CIS Group to obtain statistics on user visits with the objective of improving the user experience on our Website as well as improving our strategies and advertising campaigns.

2.1.3  When you are required to anthenticate yourself as a human user

You will sometimes be required to click on a button or tool that will test you to identify that you are indeed an authentic user and not a “bot” or “robot.” This is the case, for example, if you wish to submit a consultation request using the form available on our home page.

These tools are provided to us by Google (reCaptcha) and Cloudflare. As such, the Personal Information collected by these tools will be subject to the policies and practices of these companies. For more details about the practices of these companies, visit Privacy Policy | Cloudflare as well as Google’s Privacy Policy and Terms of Use and Google’s Rules of Privacy and Terms of Use.

2.2  When You Apply for a Job

When you apply for a job or an internship, CIS Group collects the Personal Information necessary to:

• Contact you as part of the hiring process
• To assess the quality of your application;
• Evaluate the compatibility of the application with the company’s values; and
• Protect and promote the company’s interests.

As such, when you apply for a job or an internship, you may be required to communicate to CIS Group through the Website or by email:  

• Your last name;
• Your first name;
• Your curriculum vitae;
• Your contact information;
• Your employment and academic history;
• Your professional affiliations;
• The presence or absence of certifications;
• Your personal email address; and
• Your cover letter.

Following a preliminary assessment of your application, you may be invited to one or more interviews which may take place by telephone, in person or by videoconference using Teams (from Microsoft).

CIS Group may also collect this same Personal Information from online job platforms such as Indeed or LinkedIn. Sometimes, CIS Group recruits directly from academic institutions, in which case they may communicate a candidate’s Personal Information to CIS Group. Finally, recruitment agencies may collect the aforementioned Personal Information for CIS Group.

If you submit your application through the Website, you will be required to complete an electronic form. This form is created by an application from Fluent Forms of WPManageNinja LLC and may therefore communicate your Personal Information to them. Their processing of your Personal Information will be governed by their privacy policies. For more details, visit the Privacy Policy of Fluent Forms.

2.3  When your employer uses CISAdminXpress

CIS Group aims to limit as much as possible the collection of personal information in its CIS Companion, CIS Station and CIS AdminXPress solutions.

Among these, the only solution that stores and uses personal information is CIS AdminXPress when this solution is used to process the payroll of a client’s employees. The nature of the personal information collected, stored and used by the solution will depend on the choices of the client using the solution. It is likely to involve personal information necessary to process employee payroll, including:

• Employee identifiers;
• Their contact information;
• Their employment start date;
• Government identifiers such as SIN; and
• Banking details or other financial information (such as salary or employment benefits).

All of this personal information will be used by CIS AdminXPress to perform its main function, which is to allow our clients to manage payroll-related activities.

However, CIS Group may access or be provided with the personal information stored and used by a client in CIS AdminXPress, but only upon request from this client. Thus, CIS Group may access personal information in the context, for example, of a technical support request if access to this personal information is necessary to complete that support request.

2.4  In circumstances where you choose to contact us

We may collect, use and sometimes disclose Personal Information when you choose to contact us.

The nature of the Personal Information and the uses that will be made of it will depend on the reason for your contact. Thus, if you contact us to make a request, we will need to collect your identifiers, your contact information, and the content of your request, all in order to process your request. Similarly, if you wish to receive newsletters to stay informed about our activities, you will need to provide your email address so that we can send them to you.

3.  Compliance with legislation, response to legal requests, prevention of harm and protection of our rights

CIS Group may disclose or use Personal Information when the Law requires or permits it and in order to:

• Respond to requests from public and governmental authorities;
• Comply with legal proceedings;
• Protect the rights, security and property of CIS Group;
• Protect your privacy as well as your rights; and
• Allow CIS Group to exercise available legal remedies or to limit damages that may be caused to it.

4.  Other disclosures of Personal Information

4.1  Third parties receiving Personal Information in all circumstances

In addition to the disclosures of Personal Information to third parties mentioned in section 2, your information may, in each of the circumstances mentioned in section 2, be disclosed to the following entities:

• Microsoft. We disclose Personal Information to Microsoft for email management (Outlook), data storage (SharePoint) and information management (Office 365); and
• Metatracer to facilitate the detection and management of Personal Information on our systems in order to support our compliance with laws governing the protection of Personal Information.

4.2  Disclosure outside Quebec

Certain third parties to whom we disclose Personal Information are located outside Quebec.

5.  Access to Personal Information within CIS Group

Your Personal Information is accessible only to employees, representatives or officers of CIS Group for whom access to your Personal Information is necessary for the performance of their duties. As such, your Personal Information may be accessible to different groups depending on the nature of the information concerned and its purposes. Therefore, the following may have access to Personal Information:

• The Privacy Officer (to promote the protection of Personal Information)
• Our administrators and management;
• Our information technology team; and
• Human Resources (in case of receiving applications).

6.  Retention of Personal Information

ubject to applicable laws, CIS Group retains your Personal Information for the time necessary to achieve the purposes of the Personal Information. However, laws or regulations may require longer retention periods.

7.  Your rights

Subject to limits established by law, you may exercise the rights listed below by writing to the Privacy Officer at the contact information in section 1.2. CIS Group will verify your identity before responding to any of these requests:

• You have the right to access your Personal Information.
• You have the right to correct your Personal Information.
• You have the right to file a complaint by writing to the Privacy Officer.
• You may also contact the Privacy Officer for any questions relating to this Policy.
• You have the right to withdraw your consent to the use or disclosure of your Personal Information by CIS Group, subject to applicable legal and contractual restrictions. If this withdrawal results in problematic consequences for you, these will be communicated to you.

8.  Security measures

CIS Group has implemented measures to adequately protect the confidentiality and security of your Personal Information, including:

Adoption of administrative measures, policies and procedures that:

• Govern access, disclosure, retention, depersonalization, including destruction or anonymization of Personal Information;
• Define employee roles and responsibilities throughout the lifecycle of Personal Information and documents;
• Establish intervention and response procedures in the event of a confidentiality incident;
• Govern the process of requests and complaints related to Personal Information protection.

On the technical side, CIS Group:

• Is ISO/IEC 27001 certified;
• Uses a secure server and Secure Sockets Layer (SSL) technology;
• Uses backup systems;
• Encrypts certain Personal Information;
• Logs access;
• Limits access to Personal Information; and
• Uses a firewall system.

Despite the measures described above, CIS Group cannot guarantee the absolute security of your Personal Information.

9. Changes to this Privacy Policy

CIS Group reserves the right to modify this Policy at any time in accordance with applicable legislation. If you continue to use the Website or receive our services after the new version of the Policy becomes effective, your use of the Website or our services will be governed by this new version of the Policy. 

10.  Links to third‑party websites

From time to time, references or links to websites or services provided and operated by third parties may be included on the Website. These websites and third‑party services are governed by privacy policies entirely distinct and independent from this Policy. CIS Group assumes no responsibility for the content or activities of these websites. This Policy applies only to the Website and the services offered by CIS Group.  

11.  Applicable laws

The laws of Canada and Quebec, excluding their conflict‑of‑law rules, govern this document and your use of the Website. Your use of the Website may also be subject to other local, provincial, national or international laws.