1. Introduction
IN-NOVA recognizes the importance of protecting personal data and undertakes to treat it responsibly, transparently and securely. This policy sets out the rules we follow to collect, use, share, protect and store personal information, taking into account international data protection standards. It applies to all personal data that we process, whether as part of our online presence (web site, forms, cookies), our commercial exchanges, or the internal management of our staff and suppliers. It aims to ensure respect for the fundamental rights to privacy and data protection of all data subjects.
2. Definitions
- Personal data: any information relating to an identified or identifiable individual, directly or indirectly, including by reference to an identifier (name, number, location data, etc.).
- Processing: any operation or set of operations involving personal data, regardless of the process used (collection, registration, organization, preservation, modification, extraction, consultation, use, communication, erasure, etc.).
- Responsible for processing: an entity that determines the purposes and means of processing.
- Subcontractor: a natural or legal person processing the data on behalf of the person responsible.
- Data subject: individual whose data are processed.
- Consent: a free, specific, informed and unambiguous expression of will by which the data subject accepts the processing of their personal data.
3. Scope
This policy applies to all entities, employees, partners and subcontractors of IN-NOVA involved in the processing of personal data. It covers:
- Data collected on our websites and applications (via forms, cookies, analysis tools).
- Data processed as part of our customer service or business activities.
- HR and administrative data relating to employees and collaborators.
- Data transfers between countries, including to providers outside Canada or the European Union.
The obligations described apply regardless of the medium or method used (electronic, paper, verbal, etc.).
4. Principles for data processing
We commit ourselves to the following principles:
- Lawfulness, fairness and transparency: processing is based on a clear legal basis, explained in an understandable way to the data subjects.
- Limitation of purposes: data are collected for specific, explicit and legitimate purposes and are not subsequently used in a manner inconsistent with those purposes.
- Data minimization: only strictly necessary data are collected.
- Accuracy: data are kept up to date; errors are corrected without delay.
- Limitation of retention: data are not kept for longer than is necessary for the purposes pursued.
- Integrity and confidentiality: Adequate security measures protect data against unauthorized access or loss.
- Accountability: We are able to demonstrate compliance at all times.
5. Rights of data subjects
Any person whose data is processed by IN-NOVA has fundamental rights which they may exercise at any time, subject to applicable legal or contractual obligations. The rights recognized include:
- The right of access: to obtain confirmation that data are being processed, and to access and receive a copy of the data.
- The right to rectification: to correct inaccurate or incomplete data.
- The right to erasure (right to be forgotten): to request the deletion of data under certain conditions (e.g. withdrawal of consent, obsolete data, illegal processing).
- The right to restriction: to temporarily restrict processing in certain cases (e.g. verification of accuracy).
- The right to object: to object to processing on legitimate grounds, particularly in the case of commercial prospecting.
- The right to portability: to receive data in a structured format or to request their direct transmission to a third party.
Requests can be addressed to our Data Protection Officer at: edi@in-nova.ca | Tel: +261 38 22 169 01. A response will be provided within 30 days, except in special circumstances.
6. Information security
IN-NOVA implements technical and organisational security measures in line with industry best practices. These measures are intended to prevent unauthorized access, use, loss or disclosure of data. Among the protections in place:
- Strong authentication and access management based on the principle of least privilege;
- Encryption of data in transit (HTTPS protocol, SSL) and, where appropriate, at rest;
- Regular backups with secure off-site storage;
- Logging of access to critical systems;
- Vulnerability tests and periodic security audits;
- Ongoing training of staff in cybersecurity and confidentiality.
Any incident shall be documented and managed according to a rigorous protocol, with notification to the persons concerned and to the authorities if necessary.
7. International transfers
IN-NOVA may be required to transfer certain personal data to partners or providers located outside the country of residence of the persons concerned. These transfers are made only when:
- The receiving country ensures an adequate level of protection recognised by the competent authorities;
- Standard contractual clauses or equivalent commitments have been put in place;
- Explicit consent was obtained when required;
- Appropriate security measures are guaranteed.
We ensure that these transfers comply with the legal, contractual and ethical requirements applicable to our activities.
8. Subcontracting
All subcontractors accessing personal data on behalf of d
Before any collaboration, IN-NOVA:
- Evaluates the provider's compliance capabilities;
- Formalizes security commitments in a written contract;
- Defines purposes, data categories, retention periods and responsibilities;
- Ensures the geographical location of the processing.
Subcontractors are subject to audits and must promptly report any data breach or non-compliance.
9. Incident management
In the event of a security incident involving personal data (loss, leak, unauthorized access, etc.), IN-NOVA uses a structured response procedure:
- Detection and reporting of the incident to the team responsible;
- Containment, cause analysis and impact assessment;
- Immediate remediation and documentation;
- Notification to the authorities and persons concerned if the incident presents a risk;
- Update of preventive and corrective measures.
All steps are outlined and an incident log is maintained in accordance with regulatory requirements.
10. Policy Update
This policy is reviewed at least once a year or whenever a regulatory, technological or organizational change occurs. Successive versions are published with their effective date. In the event of a substantial change, an explicit notice is sent to the parties concerned. Data subjects are invited to consult this page regularly to stay informed of IN-NOVA's current personal data processing practices.

