top of page

Privacy policy

1. Introduction

Staff Virtuel recognizes the importance of protecting personal data and is committed to processing it in a responsible, transparent, and secure manner. This policy sets out the guidelines we follow when collecting, using, sharing, protecting, and retaining personal information, in accordance with international data protection standards. It applies to all personal data we process, whether in connection with our online presence (website, forms, cookies), our business transactions, or the internal management of our staff and suppliers. It aims to ensure respect for the fundamental rights to privacy and data protection of all individuals concerned.

2. Definitions
Personal data: any information relating to an identified or identifiable natural person, directly or indirectly, in particular by reference to an identifier (name, number, location data, etc.).

Processing: any operation or set of operations performed on personal data, regardless of the method used (collection, recording, organization, storage, modification, retrieval, consultation, use, disclosure, erasure, etc.).

Data controller: the entity that determines the purposes and means of the processing.

Data processor: a natural or legal person processing data on behalf of the data controller.

Data subject: the individual whose data is being processed.

Consent: a freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they accept the processing of their personal data.

Translated with DeepL.com (free version)

3. range

This policy applies to all Staff Virtuel entities, employees, partners, and subcontractors involved in the processing of personal data. It covers:

  •  Data collected on our websites and apps (via forms, cookies, and analytics tools).

  • Data processed in connection with our customer service or business activities.

  • HR and administrative data relating to employees and contractors.

  • Cross-border data transfers, including to service providers located outside of Canada or the European Union. The obligations described apply regardless of the medium or method used (electronic, paper, verbal, etc.).

4. Principles Governing Data Processing

We are committed to adhering to the following principles:

  • Lawfulness, fairness, and transparency: Data processing is based on a clear legal basis, explained in a manner that is understandable to the data subjects.

  • Purpose limitation: data is collected for specific, explicit, and legitimate purposes and is not subsequently used in a manner incompatible with those purposes.

  • Data minimization: only data that is strictly necessary is collected.

  • Accuracy: data is kept up to date; errors are corrected without delay.

  • Storage limitation: data is not retained beyond the period necessary for the purposes for which it was collected.

  • Integrity and confidentiality: adequate security measures protect data against unauthorized access or loss.

  • Accountability: we are able to demonstrate our compliance at any time.

5. Rights of Data Subjects

Any individual whose data is processed by Staff virtuel has fundamental rights that they may exercise at any time, subject to applicable legal or contractual obligations. These rights include:

  • The right of access: to obtain confirmation that data is being processed, to access such data, and to receive a copy of it.

  • The right to rectification: to have inaccurate or incomplete data corrected.

  • The right to erasure (right to be forgotten): to request the deletion of data under certain conditions (e.g., withdrawal of consent, obsolete data, unlawful processing).

  • The right to restriction: temporarily restricting processing in certain cases (e.g., verification of accuracy).

  • The right to object: objecting to processing for legitimate reasons, particularly in the case of commercial solicitation.

  • The right to data portability: to receive the data in a structured format or request its direct transmission to a third party. Requests may be addressed to our Data Protection Officer at the following address: edi@in-nova.ca | Phone: +1 514 307 1721 A response will be provided within 30 days, barring exceptional circumstances.

6. Information Security

Staff Virtuel implements technical and organizational security measures in accordance with industry best practices. These measures are designed to prevent any unauthorized access, use, loss, or disclosure of data. Among the safeguards in place are:

  • Strong authentication and access management based on the principle of least privilege;

  • Encryption of data in transit (HTTPS, SSL protocols) and, where applicable, at rest;

  • Regular backups with secure off-site storage;

  • Logging of access to critical systems;

  • Periodic vulnerability testing and security audits;

  • Ongoing staff training on cybersecurity and confidentiality. Any incident is documented and managed according to a rigorous protocol, with notification to affected individuals and authorities as necessary.

7. International Transfers

Staff Virtuel may need to transfer certain personal data to partners or service providers located outside the country of residence of the data subjects. These transfers are made only when:

  • The recipient country ensures an adequate level of protection recognized by the competent authorities;

  • Standard contractual clauses or equivalent safeguards have been put in place;

  • Explicit consent has been obtained, where required;

  • Appropriate security measures are guaranteed. We ensure that these transfers comply with the legal, contractual, and ethical requirements applicable to our activities.

8. Subcontracting

Any subcontractor accessing personal data on behalf of Staff Virtuel is contractually bound to comply with strict confidentiality and security obligations. Prior to any collaboration, Staff Virtuel:

  • Assesses the service provider’s compliance capabilities;

  • Formalizes security commitments in a written contract;

  • Defines the purposes, data categories, retention periods, and responsibilities;

  • Verifies the geographic location of the processing; Subcontractors are subject to audits and must immediately report any data breaches or non-compliance.

9. Incident Management

In the event of a security incident involving personal data (loss, breach, unauthorized access, etc.), Staff Virtuel follows a structured response procedure:

1. Detection and reporting of the incident to the responsible team;

2. Containment, root cause analysis, and impact assessment;

3. Immediate remediation and documentation;

4. Notification to authorities and affected individuals if the incident poses a risk;

5. Update of preventive and corrective measures. All steps are logged, and an incident log is maintained in accordance with regulatory requirements.

10. Policy Updates

This policy is reviewed at least once a year or whenever there is a regulatory, technological, or organizational change. Subsequent versions are published with their effective dates. In the event of a substantial change, explicit notice will be provided to the parties concerned. Data subjects are encouraged to check this page regularly to stay informed about Staff Virtuel’s current personal data processing practices.

bottom of page