1. Background

The purpose of this policy is to ensure the protection of personal information and to govern the manner in which the Falcon International (hereinafter referred to as the company) collects, uses, discloses, retains, destroys, or otherwise manages personal information.

Additionally, it is intended to inform any interested person about how the Company handles their personal information.

2. Scope and Definitions

This policy applies to the company, including, but not limited to, its officers, employees, consultants, partners, and any person who otherwise provides services on behalf of the company. It also applies to the Company’s website.

It covers all types of personal information managed by the company, whether it is the information of its clients, potential or current, consultants, employees, members, or any other person (such as visitors to its websites or otherwise).

For the purposes hereof, personal information is information about a natural person that directly or indirectly identifies that individual, however, a person’s professional or business contact information does not constitute personal information.

Please note that the company’s services and programs are not aimed at minors and the company does not collect sensitive personal information.

3. Company responsibilities

Falcon International is responsible for the protection of the personal information under its control. The President of the company serves as the company’s Chief Privacy Officer. He can be reached by email at [email protected]

He is responsible for ensuring compliance with applicable legislation concerning the protection of personal information and approving and implementing policies and practices regarding the governance of personal information and handling requests and complaints.

The company employees, consultants and associated partners who have access to or are otherwise involved in the management of personal information must protect their personal information and comply with this policy.

4. Data security

The company is committed to implementing reasonable security measures to ensure the protection of the personal information under its control. The security measures in place include, but are not limited to, the purpose, quantity, distribution, medium and sensitivity of the information.

5. Collection, Use and Disclosure to a Third Party

In the course of its business, the company generally collects business contact information. The company will inform data subjects, at the time of collection of personal information, of the purposes for which it is collected and the means of collection, in addition to other information to be provided as required by law.

The company applies the following general principles with respect to the collection, use and disclosure of personal information:

Consent:

• Generally, the company collects personal information directly from the individual concerned and with the consent of the individual concerned.

Collection :

• In all cases, the company only collects information if it has a valid reason to do so. In addition, the collection will be limited to the necessary information that is necessary to fulfill the intended purpose.

Ownership and Use:

• The company ensures that the information it holds is up-to-date and accurate at the time it is used to make a decision about the individual.

• The company may only use an individual’s personal information for the purposes provided at the time of collection.

• Limited access. The company limits access to personal information to those individuals (including its consultants and partners) for whom the information is necessary for the performance of their duties.

Disclosure to a third party:

• Generally, the company will obtain the consent of the individual before disclosing his or her personal information to a third party.

• However, sometimes it is necessary to disclose personal information to third parties. For example, personal information may be disclosed to third parties without the consent of the individual concerned in certain circumstances, including, but not limited to, the following:

• • a public body (such as the government) that, through one of its representatives, collects it in the exercise of its powers, duties, or functions or in the implementation of a program that it manages.

• • service providers to whom it is necessary to disclose the information without the individual’s consent. For example, these service providers may include event organizers, the company contractors designated to perform mandates in programs administered by the company, and cloud service providers.

• communication outside Quebec: It is possible that personal information held by the company may be disclosed outside of Quebec, for example, when the company uses cloud service providers whose server(s) are located outside Quebec or when the company does business with subcontractors located outside the province.

• In the latter two cases, the company must have written contracts with these suppliers that indicate the measures they must take to ensure the confidentiality of the personal information disclosed, that the use of this information is only for the performance of the contract and that they cannot retain this information after its expiry. In addition, such contracts must provide that suppliers must notify the company’s Privacy Officer of any breach or attempted breach of confidentiality obligations with respect to the personal information disclosed and must allow the company’s Privacy Officer to conduct any verification relating to such confidentiality.

6. Retention and Destruction of Personal Information

Unless a minimum retention period is required by applicable law or regulation, the company will retain personal information only for as long as necessary to fulfill the purposes for which it was collected.

At the end of the retention period or when the personal information is no longer required, the company will ensure that it is destroyed.

The destruction of information by the company must be done in a secure manner to ensure the protection of this information.

7. Rights of access, rectification, withdrawal of consent and complaints

Subject to certain legal restrictions, individuals may request access to, correct, withdraw consent to the disclosure or use of the information collected, the categories of individuals who have access to it, and the retention period.

To assert their rights or submit a complaint, the individual must submit a written request to this effect to the email address responsible for the protection of personal information.

The company’s Privacy Officer must respond in writing to such requests within 30 days of the date of receipt of the request. Any refusal must be justified and accompanied by the legal provision justifying the refusal. In these cases, the response must indicate the remedies under the law and the time limit for exercising them. The person in charge should assist the applicant in understanding the refusal if necessary.

8. Website and cookies

Cookies are data files that are sent to a website visitor’s computer by their web browser when they visit that website and can be used for a variety of purposes.

Websites controlled by the company use the following types of cookies:

• Session cookies: These are session cookies that are stored for the duration of the visit to the website only.

• Persistent cookies: These are kept on the computer until they expire, and they will be retrieved the next time you visit the site.

Some cookies may be disabled by default and visitors will be able to choose whether to enable these features when visiting the company’s websites.

9. Approval

This policy is approved by the Company’s Privacy Officer, whose business contact information is as follows:

Privacy Officer: The President of Falcon International
Email: [email protected]

Phone: +1 (514) 426-9200

If you have any requests, questions, or comments regarding this policy, please contact the person in charge by email.

10. Publication and Amendments

This Policy is posted on the company’s website, as well as on all websites controlled and maintained by the company, to which this Policy applies, with respect to the personal information collected therein.

Table of Versions and Changes: