Privacy Policy

Compliant with Quebec Law 25 — Act to modernize legislative provisions as regards the protection of personal information

Last updated: April 27, 2026

Preamble

Axis Solutions Inc. (hereinafter "the Company") is committed to protecting the personal information it collects, uses, communicates and retains in the course of its activities and via the website axissolutionsinc.net.

This policy aims to inform the individuals concerned of the Company's practices regarding the protection of personal information, in accordance with the Act respecting the protection of personal information in the private sector (CQLR, c. P-39.1), as amended by Law 25 (Act to modernize legislative provisions as regards the protection of personal information).

Article 1 — Privacy Officer

In accordance with section 3.1 of the Act, the Company designates the following officer:

The officer ensures compliance with the Act and may be contacted for any question regarding the protection of personal information.

Article 2 — Personal Information Collected

In the course of its activities and via the website contact form, the Company may collect the following information:

  • First name, last name and professional title
  • Contact details (mailing address, phone number, email address)
  • Company name
  • Business information (address, identification number)
  • Technical data: IP addresses, connection logs, browsing data, network configurations
  • Billing and payment data
  • Any information voluntarily submitted via the contact form

The Company does not collect sensitive personal information (biometric data, health information, political opinions) unless duly justified and with explicit consent.

Article 3 — Purposes of Collection

Personal information is collected for the following purposes:

  • Responding to inquiries and quote requests via the contact form
  • Performance of service contracts (installation, audit, maintenance, support)
  • Billing and accounting management
  • Communication with prospects and clients (follow-up, reports, recommendations)
  • Improvement of website content, performance and services
  • Ensuring website security (intrusion detection, logging)
  • Compliance with legal and regulatory obligations

Personal information is never sold, rented or exchanged with third parties for commercial purposes.

Article 4 — Consent (s. 14 of the Act)

The collection of personal information is carried out with the consent of the individual concerned, which is manifested, free, informed and given for specific purposes.

By submitting a form on the website, the user consents to the collection and use of their personal information in accordance with this policy.

Consent may be withdrawn at any time by written notice to the designated officer. Withdrawal of consent may limit the Company's ability to provide certain services.

Article 5 — Retention and Destruction

Personal information is retained only for as long as necessary to fulfill the purposes for which it was collected.

Upon expiration of the retention period, information is destroyed securely (irreversible deletion of digital files, shredding of paper documents).

Indicative retention periods:

  • Prospect information: 24 months after last contact
  • Contractual data: duration of contract + 3 years (civil prescription)
  • Billing data: 7 years (tax obligations)
  • Technical logs: 90 days, unless required by law

Article 6 — Security Measures (s. 10 of the Act)

The Company implements technical and organizational security measures proportional to the sensitivity of the information, including:

  • Encryption of communications (TLS/SSL) and data at rest (AES-256)
  • Authentication by SSH keys and strong passwords
  • Firewall (UFW/IPTables) with restrictive rules
  • Intrusion detection system (Fail2Ban) and access logging
  • Encrypted backups with redundancy (Cloud + local)
  • Restricted access to personal information based on the principle of least privilege
  • Secure VPN access for remote interventions

Access to personal information is limited to authorized individuals with a legitimate need.

Article 7 — Cookies and Tracking Technologies

The website axissolutionsinc.net may use cookies. Types of cookies used:

  • Essential cookies: necessary for the operation of the website
  • Analytical cookies: to measure audience (e.g., Google Analytics)

Visitors are informed of the use of cookies and may disable them through their browser settings. No personal information is collected through cookies without the user's consent.

Article 8 — Communication to Third Parties and Subcontracting (s. 18.3)

The Company does not sell, rent or communicate personal information to third parties, except:

  • With the consent of the individual concerned
  • When required by law or a court order
  • To subcontractors bound by a confidentiality agreement compliant with section 18.3

Any subcontractor with access to personal information is contractually bound by confidentiality and security obligations equivalent to those of the Company.

Article 9 — Rights of the Individual Concerned (s. 27 to 40)

In accordance with Law 25, every individual concerned has the following rights:

  • Right of access: obtain confirmation of the existence of information concerning them and receive a copy
  • Right of rectification: have inaccurate, incomplete or ambiguous information corrected
  • Right of deletion: request the destruction of their information when it is no longer necessary
  • Right of portability: obtain a copy of their information in a structured and commonly used technological format
  • Right to withdraw consent at any time
  • Right to file a complaint with the Commission d'accès à l'information (CAI) of Quebec

Requests must be addressed by email to info@axissolutionsinc.net. The Company will respond within thirty (30) days.

Article 10 — Privacy Incident Management (s. 3.5 to 3.7)

A privacy incident means any unauthorized access, unauthorized use, unauthorized disclosure or loss of personal information.

In the event of an incident presenting a serious risk of harm, the Company undertakes to notify the Commission d'accès à l'information (CAI) without delay, inform the individuals affected and take reasonable measures to mitigate risks. The Company maintains a register of all privacy incidents retained for a minimum period of five (5) years.

Article 11 — Privacy Impact Assessment (PIA)

The Company conducts a privacy impact assessment (PIA) before any project involving the acquisition, development or overhaul of an information system that involves personal information.

The PIA evaluates the risks to privacy and proposes proportional mitigation measures.

Article 12 — Policy Amendments

The Company reserves the right to modify this policy at any time.

Any amendments will be published on the Company's website with the date of the last update.

Individuals concerned will be informed of substantial amendments by email or by notice on the website.

Article 13 — Applicable Law and Jurisdiction

This policy is governed by the laws of the Province of Quebec and Canada.

Any dispute will be submitted to the exclusive jurisdiction of the courts of the judicial district of Longueuil.

Approval

This policy has been approved by the management of Axis Solutions Inc.

Marc-André Breton, President — Axis Solutions Inc.