Privacy Policy

We, Enerkem Inc., including affiliated companies under our control (“Enerkem”, “we”, “our”), Process Personal Information for the conduct of our business, to manage and perform our contracts, and to fulfill our legal obligations.

 

A “Personal Information” (also called a “personal data” in the General Data Protection Regulation of the European Union, known as the “GDPR”) refers to any information about an identifiable individual (a natural person) or any information that allows an individual to be identified, directly or indirectly. 

 

“Processing” and to “Process” refers to any operation performed on Personal Information including, without limitation, collection and to collect, use and to use, disclosure and to disclose, storage and to store, and destruction and to destroy.

 

Confidentiality of Personal Information is important to us. This Privacy Policy (the “Policy”) explains our Personal Information Processing practices, namely:

 

1. Who we are and what we do?
   
2. About whom do we collect Personal Information?
3. How do we obtain your consent to the Processing of your Personal Information?
4. What Personal Information do we Process?
5. How do we collect Personal Information?
6. How do we Process Personal Information?
7. With whom do we share Personal Information?
8. How long do we store Personal Information?
9. Where do we store Personal Information and do we make international transfers?
10. How do we protect Personal Information?
11. What rights does Data Subjects have in relation to their Personal Information?
12. How do we use cookies?
13. How to contact us?
14. How do we update this Policy?

 

 

Enerkem develops and markets technologies and processes that make it possible to produce, from non-recyclable waste, circular chemicals and advance biofuels for hard-to-abate sectors (air and maritime transports, among others). 

Unless we notify otherwise, Enerkem is the data controller of Personal Information, meaning that we determine for what purposes and in what ways we Process and protect Personal Information. 

 

 

As part of our operations, we retain the services of talented directors, officers, employees and consultants (referred to as “Employees” in this Policy, for the purpose of simplifying this Policy) who contribute to our mission to provide the planet with a smart and sustainable alternative to burial and incineration. We also meet with people inspired and motivated by our mission to assess their candidacy to join us as a director, officer, employee or consultant (referred to as “Candidates” in this Policy). We collect Personal Information of our Employees and Candidates.

In addition, we benefit from the support of our shareholders and investors (referred to as “Investors” in this Policy) to carry out our mission. We grant licences and offer our services to our clients. We draw on the complementary services or expertise of partners, providers and subcontractors for the development of our R&D projects or for the delivery of our commercial projects. In all such cases, we collect Personal Information from our Investors (when they are individuals) as well as from individuals who represent our Investors, clients, partners, providers and subcontractors, or who represent a supervisory authority, a government, a governmental entity or any other person or entity (referred to as “Third-Party Representatives” in this Policy), assigned to the project or business relationship with us. 

We do not offer any products or services to consumers; therefore, we do not collect their Personal Information.

We may collect some Personal Information about individuals who visit our website; more information on our use of cookies is set out under the section How do we use cookies? 

Employees and Third-Party Representatives may provide us with Personal Information of people to contact in the event of an emergency and Candidates may provide us with Personal Information of people who act as references (all referred to as “Contacts” in this Policy). Therefore, we also collect Personal Information of Contacts, and we assume that the Employees, Candidates and Third-Party Representatives have previously obtained from their Contacts the necessary informed consent to disclose to us the Personal Information of their Contacts.

In the end, whoever you are (Employee, Candidate, Investor, Third-Party Representative, visitor of our website, Contact or any other individual we may have omitted to mention), and whether your relationship with us is past, present or contemplated, as soon as we Process your Personal Information, we have obligations to you and this Policy applies to you (you are the “Data Subject” within the meaning of this Policy, “you” and “your”).

 

 

Enerkem collects the express written consent of Data Subjects when circumstances permit (for example, when Enerkem has direct relationship with Data Subjects). Thus, Enerkem collects express written consents from Employees and Candidates, among others, and seeks to renew such express written consents from time to time. However, when it is not reasonably possible to collect the express written consent of a Data Subject, we do not store such Personal Information. Should storage be inevitable, we rely on implicit consent and this Policy; in such a case, by providing your Personal Information to us, or by authorizing a third-party to provide it to us, you consent to the Processing of your Personal Information as set out in this Policy. More information about how Personal Information is provided to us and how this Policy is deemed to be brought to your attention is set out under the section How do we collect Personal Information?

Your consent to the communication and use of Personal Information may be withdrawn at any time, subject to legal or contractual restrictions and reasonable notice. To withdraw your consent, please contact us as indicated under the section How to contact us? However, please note that without your consent, we could be limited or prevented from fulfilling the purposes for which we have collected such information, that is either one of the purposes established by Enerkem (more fully described in the section How do we Process Personal Information?).

This Policy will be updated from time to time, and you agree to be bound by such updates without prior notice from us. More information about the update of the Policy is set out under the section How do we update this Policy?

 

 

We only Process the Personal Information that is necessary for the purpose for which they have been collected, that is either one of the purposes established by Enerkem (more fully described in the section How do we Process Personal Information?) or permitted by law. More information about the Personal Information we Process is set out under the section How do we Process Personal Information? 

Despite the foregoing paragraph, if you use Enerkem tools or informational assets, be it its electronic devices (such as a computer, tablet, smart phone, etc.), its networks or its email, you must at all times remain aware that you may be disclosing to Enerkem (and to third-party service providers, where applicable) Personal Information that is not necessary for the established or permitted purposes. This is the case when you use Enerkem’s informational tools and assets for personal purposes, and in such cases, the Personal Information that you disclose to Enerkem may be very sensitive. For example, the use of applications and browsing history may reveal habits, an economical situation, a medical condition, personal preferences, personal interests, behaviours, financial information, banking information, purchases, identification, geolocation, photos and videos, contacts, etc. Enerkem reiterates that the use of its informational tools and assets is subject to Enerkem’s terms and conditions, a copy of which has been provided to you (also available on Enerkem’s Intranet), and which provide, among other things, for the absence of any expectation of privacy. Your vigilance and judgment in the use of Enerkem’s informational tools and assets are essential to, and paramount in, the protection of your privacy.

 

 

 

In general, the Personal Information that we collect is the information that you provided to us during the interactions we have with you, that is to say, depending on your case, during the assessment of your job application, during the employment or business relationship with us or when you visit our website.

In addition, third-parties (for example, without limitation, the person that you represent, a recruitment software as a service (SaaS) provider, a recruitment or personnel placement agency, a headhunter, a background check agency and any other third party) may provide to us your Personal Information when they are necessary for the employment or business relationship, or for the benefit of your job application, or for the improvement of our website; in these cases, you have authorized such third party to collect your Personal Information and to disclose same to us for the established or permitted purposes. Please not that these third-parties also have their own privacy and cookie policies, which Enerkem is not party to. 

Finally, we may create, generate, or infer Personal Information about you during the employment or business relationship with us or the assessment of your job application.

Enerkem assumes that this Policy is brought to the attention of the Data Subjects. Enerkem communicates this Policy by taking the measures described below to ensure that the existence of the Policy is brought to everyone’s attention and facilitates access to it, notably through hyperlinks, but Enerkem cannot be held responsible if the Data Subjects choose not to review it:

Data Subject	Means of communication of the Policy
Employee	Reference to the Policy (with a hyperlink to the Policy posted on our website) in the “HR” section of Enerkem’s Intranet (among Enerkem other policies) Reference to the Policy (with a hyperlink to the Policy posted on our website) in the signature section of emails for all Enerkem email addresses  Presentation and/or mention of the Policy (with a hyperlink to the Policy posted on our website) in various internal communications concerning the rules of conduct expected at Enerkem Various information security and/or privacy protection awareness and training initiatives
Candidate	Reference to the Policy (with a hyperlink to the Policy posted on our website) in the “Career” section of our website
Third-Party Representative	Reference to the Policy in employee email signatures with a hyperlink to the Policy posted on our website
Visitor of our website	Policy posted in the “Privacy” section of our website The Cookie Policy is posted in the “Cookies” section of our website and refers to this Policy (with a hyperlink to the Policy posted on our website)
Contact and other individual	Policy posted in the “Privacy” section of our website

Any Data Subject may at any time request a copy of this Policy by contacting us as set forth under the section How to contact us?

 

 

We Process Personal Information only when permitted by law or in connection with the established purposes described below and in accordance with either one of the associated legal bases (GDPR).

Legal bases (GDPR):

• Performance of a contract: when Personal Information is necessary for the execution or performance of a contract with you or the person that you represent (employment or business relationship).
  
  
• Legal obligation: when Personal Information is necessary for fulfilling our legal obligations.
  
  
• Legitimate interests: when Personal Information is necessary for legitimate interests

Established purposes:

• Business relationship.
  We may collect, create, and infer the following Personal Information: your names, signature, business and/or personal contact information (as applicable), professional information such as your academic and professional training, professional memberships and accreditations, past work experience, team to which you belong, name of a supervisor, voice, photo, image, comments you may make during our discussions, and any other relevant information.
  Legal Basis (GDPR): Legitimate interests (for cooperation, business relationship, business development, execution of R&D projects, and delivery of projects) and performance of a contract.
  
  
• Recruitment.
  We may collect, create, and infer the following Personal Information: your names and contact information, educational background, employment history, professional affiliations and accreditations, any other information within your resume and presentation letter, evaluation results, results of background checks of any kind, voice, image, and any other relevant information.
  Legal Basis (GDPR): Legitimate interests (for recruitment).
  
  
• Employment relationship, and related activities and services (including without limitation: (i) providing and administering payroll, benefits, information technology and data Processing, and social activities; (ii) conduct performance reviews and determine performance requirements; (iii) identify training and development needs; (iv) Process employee requests related to work, such as compensation claims and settlements; (v) managing and terminating the employment relationship; (vi) any other reasonable purpose relating thereto).
  
  We may collect, create, and infer the following Personal Information: your information, collected, generated and inferred during the recruitment process, identification numbers issues by governments (such as the social insurance number, among others), banking information, gender, birthday date, matrimonial status, signature, photo, image and voice, copies of diplomas, beneficiaries of pension plans and/or social benefits, health information in case of a special condition, care to provide you in the event of an emergency, emergency contact person, medical information in the event of a workplace accident or injury, performance evaluations, information related to immigration or secondment, and any other relevant information.
  Legal Basis (GDPR): Legitimate interests (HR management), performance of a contract and legal obligation.
  
  
• Compliance with obligations (legal, regulatory and other); Prevention or detection of violations of law, fraud and other illegal acts.
  We may collect, create, and infer the following Personal Information: your names, contact information, copies of photo identification (such as a passport, driver’s licence and the like), as well as any other relevant documents required by a competent supervisory authority for the purposes of compliance with applicable regulations (including but not limited to anti-corruption and anti-money laundering regulations, “KYC” rules and other rules) and any other relevant information.
  Legal Basis (GDPR): Legal obligation and legitimate interests (to collaborate with authorities and ensure we maintain an acceptable risk profile).
  
  
• Protection and security of personnel, assets and interests when accessing secure facilities or IT networks and systems.
  We may collect, generate and infer the following Personal Information: your names, voice, photo, image, login information, passwords, identification numbers, user profile, and any other relevant information.
  Legal Basis (GDPR): Legitimate interests (protection and security of our assets and ensure we maintain acceptable risk profile) and legal obligation.
  
  
• Use and improvement of website.
  We may collect, generate and infer the following Personal Information: your website usage information and other technical information, such as details about your navigation of our website pages, your interaction with our online content and information collected through cookies, and any other relevant information.
  Legal Basis (GDPR): Legitimate interests (to improve our website). 

 

We may use Personal Information that we have omitted above; where applicable, our Processing of Personal Information is guided by the principles of limiting the collection, use and disclosure of Personal Information (to what is strictly necessary for the established purposes) and to respect reasonable expectations of the Data Subjects.

While we take reasonable steps to ensure that the Personal Information is accurate, complete, and up-to-date at the time we use it, we also rely on the proactive cooperation of the Data Subjects to provide us with accurate and timely updates regarding their Personal Information.

 

 

We may share Personal Information with those of our Employees, customers, partners, subcontractors, and third-party service providers who need to receive it for the purposes for which it was collected; more information on these purposes is set out under the section How do we Process Personal Information? All persons with whom we share Personal Information are bound to us by a legal duty, or contractual undertakings, of confidentiality. 

Third-party service providers include (but are not limited to) law and notary firms, accounting firms, insurers, engineering firms, consulting firms, personnel agencies, communications agencies, public relations firms, financial institutions, payroll and payment-related service providers, IT service providers of all kinds (such as, among others, website services, application development services, data hosting services, maintenance services). These third-parties may have access to Personal Information and be required to Process it as part of the services they provide to us; so, we limit our disclosures only to that Personal Information reasonably necessary to enable them to perform their services or to carry out the established or permitted purposes. We have entered into agreements with these third-parties which require that the Personal Information disclosed to them receive adequate Processing and protection in accordance with this Policy and applicable laws. Furthermore, no agreement is signed with a third party when the purpose of the agreement involves the collection, use, disclosure, transfer, storage, or destruction of Personal Information without Enerkem carrying out a prior legal review of the agreement as part of a privacy impact assessment, in order to ensure adequate levels of protection and security.

We may also share Personal Information with other third-parties who need to receive it to comply with the law or to comply with a legal obligation or to enforce our rights. 

It should be noted that the persons with whom we may share certain Personal Information may be located in various jurisdictions. As a result, Personal Information may be Processed outside your jurisdiction. In accordance with the applicable law, there may be circumstances in which Personal Information may be made available to the authorities of these jurisdictions, their regulatory or law enforcement agencies or their representatives. More information on the disclosure of Personal Information to the authorities is mentioned under the section Where do we store and process Personal Information and do we make international transfers?

 

 

We store Personal Information for as long as necessary for the purposes for which they have been collected and to comply with our legal obligations. These retention periods are established by law or, failing that, by our retention schedules and internal policies, which vary by jurisdiction. Unless otherwise required by law, Personal Information that is no longer necessary or relevant is destroyed, erased, or made anonymous. For more information, you may contact us as indicated under the section How to contact us? 

 

 

We store Personal Information on our servers located in our facilities in Quebec (where we have our head office), and/or Alberta (in Canada), as well as on the servers of third-party service providers (i.e., SaaS providers or cloud services), which may be out of Quebec or Canada or the European Economic Area, as the case may be. 

Since Personal Information is subject to the laws of the jurisdiction where it is located, Personal Information could be subject to disclosure to the government, their law enforcement agencies, and their respective agents, of such jurisdiction, should that be provided by local laws. As we are required to comply with privacy laws of various jurisdictions including (but not limited to) Quebec and Alberta (in Canada) and the European Economic Area, which laws contain binding rules regarding the international transfer of Personal Information. You consent to the transfer of your Personal Information to jurisdictions other than that of your residence and where privacy laws may be different from those of your jurisdiction of residence. 

 

 

We are committed to maintaining the confidentiality, integrity and availability of the Personal Information in our possession and to protecting it against inadvertent loss or alteration, unauthorized access, use and disclosure, and any other unlawful Processing. To this end, we have put in place awareness initiatives and ongoing training programs for our Employees, and we conduct privacy impact assessments in various circumstances, for example when we consider doing business with a supplier whose services may have an impact on Personal Information.

We abide by generally accepted information protection and security standards for the protection of Personal Information throughout its life cycle, i.e., from its collection or creation/generation until its destruction. We maintain physical, technical, and administrative security measures proportionate and appropriate to the sensitivity of the Personal Information, the purpose of its use, its quantity, its distribution and its medium. Only those individuals who need access to Personal Information and who are subject to a legal duty, or contractual undertakings, of confidentiality have access to Personal Information.

However, no security measure, no Internet transmission method, and no electronic storage method, is infallible and 100% secure. Despite our awareness and training efforts, as well as our precautions and investments in the security of our networks and IT systems, we cannot guarantee the security of Personal Information at all times, nor that it will never be consulted, used, disclosed, modified, destroyed or otherwise compromised, in the event of a security breach or other form of impairment of our physical, technical or administrative safeguards. If you believe that your Personal Information has been compromised, please contact us as indicated under the section How to contact us? 

 

 

Depending on your jurisdiction and in certain circumstances, you could have either one of the following rights with respect to your Personal Information, subject however to the conditions, limitations and exceptions provided by the applicable laws in your jurisdiction (in case of discrepancy between this Policy and the laws of your jurisdiction, the laws of your jurisdiction prevail): 

 

• Access and portability: the right to ask us whether we Process Personal Information about you, the right to have access to it or to receive it in a structured and commonly used technological format, and the right to require us to transfer your Personal Information to another data processor or other person authorized by law to receive it.
  
  
• Accuracy: we are required to take reasonable steps to ensure that Personal Information remains accurate, complete, not misleading and up to date.
  
  
• Rectification: the right to have incomplete or inaccurate Personal Information rectified.
  
  
• Control over dissemination: the right to ask that we cease dissemination of your Personal Information, that we de-index any hyperlink linked to your name that gives access to Personal Information through a technological means and that any de-indexed hyperlink that gives access to Personal Information be re-indexed.
  
  
• Withdrawal of consent: the right to withdraw your consent to the communication or use of your Personal Information.
  
  
• Complaints: the right to lodge a complaint with the competent supervisory authority and to seek redress in court (where applicable) if you believe that your Personal Information has been compromised or that your rights relating to its Processing have been infringed.
  
  
• Erasure: the right to obtain the erasure of outdated or illegally collected Personal Information. 
  
  
• Restriction of Processing and objection: the right to restrict or object to the Processing of Personal Information.
  
  
• Automated decision: the right to challenge any automated decision, should there be any, where such decision has a legal or similarly significant impact, and the right to request that it be reconsidered.

 

You can, at any time, exercise the above-mentioned rights, if they exist in your jurisdiction, by contacting us as indicated under the section How to contact us? Please note that we are not required to prepare a new document or information to respond to your request and that, to be eligible, your request must be in writing, relate to a document or information that exists with regards to you, and not require any calculation or comparison. 

We generally respond to any written, complete, precise, and valid request within a thirty- (30-) day period of its receipt. If we are unable to comply with your request within that period, we will notify you in writing. If necessary, we can help you formulate a complete and precise request. If we are unable to satisfy your request, we will justify our refusal (subject to legal restrictions, if any), we will indicate the legal provisions on which this refusal is based, and we will inform you of the remedies available to you and the time limits applicable to you. 

Although the exercise of the above-mentioned rights is usually free of charge, we may charge reasonable fees for transcription, reproduction or transmission of Personal Information, in accordance with applicable laws. If so, we will inform you of the fees before processing your request.

Nothing in this Policy prevents you from contacting the relevant privacy authority of your jurisdiction and to file a complaint.

 

 

Information about cookies is indicated in our Cookie Policy, which is part of this Policy. 

 

 

 

To obtain information, exercise your rights, file a complaint or simply send us your comments on our policies and practices regarding the Processing and protection of Personal Information, we invite you to contact our Privacy Officer (the “Data Protection Officer” in some jurisdictions) by email at privacy@enerkem.com or by mail as follows:

ENERKEM INC.
To the attention of the Privacy Officer
1130 Sherbrooke Street West, Suite 600
Montreal (Quebec) Canada H3A 2M8 

 

 

 

We may modify the Policy from time to time and without prior notice. We therefore invite you to review it regularly to stay informed on the way we Process Personal Information. This Policy was last updated in November 2023.