top of page

Privacy policy

1. Introduction

IN-NOVA recognizes the importance of protecting personal data and is committed to processing it responsibly, transparently, and securely. This policy outlines the principles we follow in collecting, using, sharing, protecting, and retaining personal information, in accordance with international data protection standards. It applies to all personal data we process, whether through our online presence (website, forms, cookies), commercial exchanges, or internal management of staff and suppliers. The purpose is to ensure the protection of fundamental rights to privacy and data protection of every data subject.

2. Definitions

  • Personal data: Any information relating to an identified or identifiable natural person, directly or indirectly, in particular by reference to an identifier (such as name, number, location data, etc.).

  • Processing: Any operation or set of operations performed on personal data, regardless of the means used (collection, recording, organization, storage, modification, retrieval, consultation, use, disclosure, erasure, etc.).

  • Data controller: The entity that determines the purposes and means of the processing.

  • Data processor: A natural or legal person who processes data on behalf of the data controller.

  • Data subject: The individual whose personal data is being processed.

  • Consent: A freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they agree to the processing of their personal data.
     

3. Scope

This policy applies to all IN-NOVA entities, employees, partners, and data processors involved in the processing of personal data. It covers:

  • Data collected via our websites and applications (through forms, cookies, analytics tools);

  • Data processed as part of our customer services or business operations;

  • HR and administrative data related to employees and collaborators;

  • Cross-border data transfers, including to providers located outside Canada or the European Union.

The obligations described apply regardless of the format or method used (electronic, paper, oral, etc.).
 

4. Principles Governing Data Processing

We are committed to upholding the following principles:

  • Lawfulness, fairness, and transparency: Processing is based on a clear legal basis and is explained in a transparent and understandable manner to data subjects.

  • Purpose limitation: Data is collected for specific, explicit, and legitimate purposes and is not further processed in a way that is incompatible with those purposes.

  • Data minimization: Only data that is strictly necessary for the intended purpose is collected.

  • Accuracy: Data is kept up to date; inaccuracies are corrected without delay.

  • Storage limitation: Data is not retained longer than necessary for the purposes for which it was collected.

  • Integrity and confidentiality: Appropriate security measures are in place to protect data from unauthorized access or loss.

  • Accountability: We are able to demonstrate compliance at all times.
     

5. Rights of Data Subjects

Any individual whose data is processed by IN-NOVA has fundamental rights that they may exercise at any time, subject to applicable legal or contractual obligations. These rights include:

  • Right of access: To obtain confirmation as to whether personal data is being processed, access the data, and receive a copy.

  • Right to rectification: To correct inaccurate or incomplete data.

  • Right to erasure (right to be forgotten): To request deletion of data under certain conditions (e.g., withdrawal of consent, outdated data, unlawful processing).

  • Right to restriction of processing: To temporarily limit processing in certain cases (e.g., pending accuracy verification).

  • Right to object: To object to processing for legitimate reasons, particularly in the case of direct marketing.

  • Right to data portability: To receive data in a structured, commonly used, and machine-readable format or to request its direct transfer to another controller.

Requests may be addressed to our Data Protection Officer at the following address:
edi@in-nova.ca | Phone: +1 514-532-1590 ext. 430
A response will be provided within 30 days, except under exceptional circumstances.

6. Information Security

IN-NOVA implements technical and organizational security measures in line with industry best practices. These measures are designed to prevent unauthorized access, use, loss, or disclosure of data. Security controls include:

  • Strong authentication and access management based on the principle of least privilege;

  • Encryption of data in transit (HTTPS, SSL) and, where applicable, at rest;

  • Regular backups stored in secure off-site locations;

  • Logging of access to critical systems;

  • Periodic vulnerability testing and security audits;

  • Ongoing cybersecurity and privacy training for staff.

All incidents are documented and handled according to a strict protocol, including notifications to affected individuals and authorities, if required.

7. International Data Transfers

IN-NOVA may transfer certain personal data to partners or service providers located outside the data subject’s country of residence. These transfers are carried out only when:

  • The destination country ensures an adequate level of protection recognized by competent authorities;

  • Standard contractual clauses or equivalent safeguards are in place;

  • Explicit consent has been obtained, where required;

  • Appropriate security measures are guaranteed.

We ensure that such transfers comply with applicable legal, contractual, and ethical obligations.

8. Subcontracting

Any data processor accessing personal data on behalf of IN-NOVA is contractually bound to comply with strict confidentiality and security obligations. Prior to engaging a processor, IN-NOVA:

  • Assesses the provider’s compliance capabilities;

  • Formalizes security commitments in a written contract;

  • Defines the processing purposes, data categories, retention periods, and responsibilities;

  • Verifies the geographical location of processing.

Processors are subject to audits and must promptly report any data breach or non-compliance.

9. Incident Management

In the event of a data security incident (loss, breach, unauthorized access, etc.), IN-NOVA follows a structured incident response procedure:

  1. Detection and reporting of the incident to the responsible team;

  2. Containment, root cause analysis, and impact assessment;

  3. Immediate remediation and documentation;

  4. Notification to authorities and affected individuals if the incident poses a risk;

  5. Review and update of preventive and corrective measures.

All steps are logged, and an incident register is maintained in accordance with regulatory requirements.

10. Policy Updates

This policy is reviewed at least once a year or whenever there is a regulatory, technological, or organizational change. Updated versions are published with their effective date. In the event of significant changes, explicit notice is provided to affected parties.

Data subjects are encouraged to review this page regularly to stay informed about how IN-NOVA processes personal data.

In-Nova logo for the partner

Outsourcing for your growth.

Contact us now for our services.

+1 514-532-1590

info@in-nova.ca

8108, rue Jean-Brillon, Lasalle (Quebec-Canada) H8N2J
bottom of page