Purpose of the Policy

The purpose of this policy is to inform individuals about:

• what personal information we collect
• how and why we collect it
• how it is used, communicated, and stored
• your rights regarding your personal information
• how to contact us for questions or requests

This policy applies to all personal information handled by Groupe Routo through our consulting services, our website, and our administrative activities.

What Personal Information We Collect

We only collect the information required to deliver our services and operate our business. This may include:

Information provided directly

• First and last name
• Email address, phone number, mailing address
• Role, organization, and business contact details
• Information related to consulting mandates
• Billing and payment information
• Communications exchanged with us

Information collected automatically

When you interact with our website:

We do not collect sensitive personal information unless strictly necessary and with explicit consent.

• Logs, cookies, analytics data
• Browser, device, and usage information

How Personal Information Is Collected

We collect personal information:

• directly from you (forms, email, meetings, calls)
• during the delivery of consulting mandates
• through our website and digital tools
• from third parties, with consent or as permitted by law

Why We Collect Personal Information

Personal information is collected for the following purposes:

• Delivering and improving our consulting services
• Managing client relationships and communications
• Responding to inquiries and service requests
• Administration, billing, and accounting
• Managing business operations and compliance obligations
• Improving our website and digital experience
• Preventing fraud, errors, or unauthorized access

We will never use personal information for purposes other than those identified, unless consent is provided or permitted by law.

Consent

We collect, use, and disclose personal information with consent, which may be:

• explicit (written, verbal, digital)
• implied (when information is voluntarily provided for a specific purpose)

Consent can be withdrawn at any time, subject to legal or contractual limitations.

Disclosure of Personal Information

We may share personal information with third parties only when necessary and for legitimate purposes, such as:

• service providers assisting us in delivering our services (IT tools, cloud storage, accounting software)
• legal, regulatory, or governmental authorities when required

When personal information is stored or accessed outside Quebec, we ensure that the protections are equivalent to those required by Quebec law.

We do not sell or rent personal information.

Protection and Security Measures

We take reasonable security measures, consistent with the sensitivity of the information, to protect personal information from:

• loss
• theft
• unauthorized access
• disclosure
• use or modification

These measures include administrative controls, restricted access, secure systems, and data protection practices.

Retention and Destruction

Personal information is retained only for the time necessary to:

• fulfill the purposes for which it was collected
• meet legal and regulatory requirements

When no longer required, it is securely destroyed or anonymized.

Confidentiality Incidents

In the event of a confidentiality incident involving personal information:

• we will act promptly to reduce risk
• we will assess whether the incident presents a risk of serious injury
• when required, we will notify the Commission d’accès à l’information (CAI)
• affected individuals will be informed when the risk is serious
• an incident register will be maintained, as required by law

Your Rights

Under Quebec Law 25, individuals have the right to:

• access their personal information
• correct incomplete or inaccurate information
• withdraw consent
• request deletion, when applicable
• ask how their information is used
• obtain a copy of their information in a structured format (portability), when applicable

Cookies and Website Technologies

Our website may use cookies or similar technologies to:

• improve functionality
• measure website performance
• personalize content

Users can disable cookies in their browser settings.
When required, a cookie banner will appear to obtain consent.

Person Responsible for Personal Information

In accordance with Quebec Law 25, Groupe Routo designates the following person as responsible for the protection of personal information:

Privacy Officer

Bobby Roussel
Email: info@grouperouto.ca

This individual ensures compliance and handles all questions or requests.

Updates to This Policy

This policy may be updated periodically to reflect changes to our practices or legal requirements.
The most recent version will always be available on our website.