Privacy Policy

Privacy Policy

Last updated: November 14, 2025

Introduction

CS Group Canada is committed to protecting the privacy, integrity, and security of the personal information of its clients, employees, candidates, and partners (hereinafter referred to as “stakeholders”). This policy explains our practices regarding the collection, use, disclosure, retention, and protection of personal information.

CS Group Canada (“we,” “our,” or “us”) operates the CS Group Canada website (the “Service”).

This page informs you of our policies regarding the collection, use, disclosure, and protection of personal information when you use our Service.

We will not use or share your information with anyone except as described in this privacy policy.

We use your personal information to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this policy.

Definition of Personal Information

Under the Act respecting the protection of personal information in the private sector, personal information is information that identifies an individual, directly or indirectly.

CS Group Canada acknowledges that it may have access to personal, confidential, strategic, business, technical, or legal information related to the operations of its clients and partners.

Collection of Information

Personal information may be collected through:

  • Google Analytics collects information about each visitor, such as IP address, pages viewed, and duration of the visit, to better understand and analyze user behavior. Through forms or communications with us;
  • Website cookies collect information about a user’s navigation to improve the site experience and personalize certain content;
  • Applicant Tracking Systems (ATS) collect and process candidates’ personal information, such as name, contact details, work history, and skills, to manage applications and facilitate the recruitment process;
  • Internal digital tools.

We only collect personal information necessary for the identified and legitimate purposes.

Use of Information

Measures have been implemented to ensure that only authorized individuals have access to personal information and are authorized to process data. Accordingly, a confidentiality agreement must be signed in advance by all stakeholders, agents, and/or subcontractors of CS Group Canada with access to IT systems and confidential data. No data will be transferred to a third party without the written approval of the stakeholder.

CS Group Canada acknowledges that Confidential Information remains the exclusive property of the stakeholders and that any unauthorized disclosure of this Confidential Information may cause significant harm. To protect the interests of stakeholders, CS Group Canada will use the disclosed Confidential Information only for the purposes for which it was disclosed. Moreover, all stakeholder data remains confidential unless it has been published in the media or by the stakeholders.

A document is considered non-confidential if:

  • It contains no personal information and has no strategic value to the entity;
  • At the time of disclosure, it was in the public domain;
  • It becomes generally available to the public, through publication or otherwise, after the transfer of information between the stakeholder and CS Group Canada, and such disclosure is not due to any fault of CS Group Canada;
  • It is disclosed to CS Group Canada by a third party;
  • It is government information.

The information collected is used for the following purposes:

  • Analyzing and responding to client requirements;
  • Providing consulting services to clients;
  • Recording confidential data in the database;
  • Processing data;
  • Saving changes made in the database;
  • Subscribing stakeholders to the newsletter;
  • Managing human resources;
  • Providing specialized services in support of auditing and the development of mission-critical and safety-critical embedded software;
  • Conducting Privacy Impact Assessments (PIAs) when required;
  • Complying with legal and regulatory obligations.

Disclosure and Communication of Information

We may disclose your information in the following situations:

  • When required by law or a government authority;
  • When transferring outside Quebec after prior assessment (in accordance with Section 17 of Law 25);
  • To service providers offering adequate security guarantees.

Retention and Destruction of Information

CS Group Canada retains stakeholders’ personal information only as long as necessary to provide its services, or as required by applicable laws, regulations, or government orders. Personal information may be retained for different periods depending on:

  • The nature of the information;
  • The reason it is held;
  • Operational needs;
  • Legal and regulatory obligations.

By using CS Group Canada’s services, the stakeholder consents to the transfer of personal information to its database. CS Group Canada never sells personal information to third parties, and written authorization is required before transferring a stakeholder’s confidential information to a third party.

CS Group Canada has implemented appropriate physical, technological, or administrative measures to protect the confidentiality and security of personal information against accidental or unlawful destruction, accidental loss, alteration, unauthorized disclosure or access, misuse, or any other illegal form of processing of personal information in its possession.

However, no method of Internet transmission or electronic storage is 100% secure. If you have reason to believe that the confidentiality of personal and/or confidential information has been compromised, please contact us at the address below.

In the event of a privacy incident posing a serious risk, CS Group Canada will:

  • Immediately take the necessary measures to reduce the risks;
  • Conduct an internal investigation to identify vulnerabilities and implement corrective measures to prevent recurrence;
  • Notify affected individuals;
  • Notify the Commission d’accès à l’information du Québec (CAI);
  • Record the incident in a mandatory registry.

Data Protection Officer (DPO)

Name: Vincent Duez-Dellac
Title: IT Director – Data Protection Officer
Email: confidentialite.canada@cs-soprasteria.com

Your Rights

Under Law 25, every individual has the following rights:

  • Right of access to their personal information;
  • Right of rectification;
  • Right to withdraw consent;
  • Right to cease dissemination or request de-indexing;
  • Right to data portability (effective since September 2024);
  • Right to file a complaint with the CAI.

Updates

The content of this policy may be changed without notice to reflect changes to our practices, technology, legal requirements, and other factors. Changes to this policy take effect immediately. We therefore encourage stakeholders to stay informed about how CS Group Canada handles personal information.

Contact Us

For any comments, questions, concerns, requests, or complaints regarding any personal information or privacy practices, you are invited to contact us at:

Security Service – Data Protection Officer
CS Group Canada
Security Service
400 Sainte Croix Avenue, Suite 2300, Saint-Laurent, Quebec, H4N 3L4

By email at: confidentialite.canada@cs-soprasteria.com