Privacy Statement

We / Enerkem Inc. (“Enerkem”, “we”, “us”, “our”) Process (as defined below) Personal Information (as defined below) for the conduct of our business, to manage and perform our contracts, and to fulfill our legal obligations. “Personal Information” refers to any information about an identifiable individual or any information that allows an individual to be identified, directly or indirectly. “Processing” refers to any operation performed on Personal Information including, without limitation, collection, use, disclosure, storage, and destruction. Privacy is important to us, and we explain our practices in this Privacy Statement (this “Statement”) (which may be updated from time to time without notice).

 

About cookies, please read our Cookie Policy.

 

1. We are the data controller and you are the Data Subject
   
2. How we collect your Personal Information and your consent, and how you can withdraw your consent
3. How we Process Personal Information
4. With whom we share Personal Information
5. Where and how long is Personal Information stored
6. How we protect Personal Information
7. Data Subject rights in relation to their Personal Information
8. How to contact us
9. How we update this Statement

 

Unless we notify otherwise, we are the data controller of Personal Information, meaning that we determine for what purposes and in what ways we Process Personal Information.

 

As part of our operations and activities, we maintain relationship with commercial organizations (such as shareholders, lenders, investors, partners, clients, suppliers, subcontractors, and other stakeholders) and non-commercial organizations (such as government entities, supervisory authorities, and other stakeholders) (hereinafter the “Organizations”). In the course of dealings with these Organizations, the Personal Information of individuals who represent the Organization, generally their employees or other agents, is inevitably brought to our attention and come into our possession.

 

Our employees may provide us with Personal Information of people to contact in the event of an emergency, and this person could be you; if it is the case, we assume that our employees have previously obtained your consent prior to disclosing your Personal Information to us.

 

This Statement is addressed to any person, hereinafter referred to as the “Data Subject”, “you” and “your”, about whom we hold Personal Information and who is not an employee or director or consultant of Enerkem.

 

 

In general, depending on your situation, the Personal Information that we collect is that which you have provided to us or that we received from the Organization you represent during our interactions or that our employee has communicated to us. It may also happen that we receive Personal Information from third parties when it is necessary for the employment or business relationship and in these cases, you have authorized such third party to collect your Personal Information and to disclose same to us for the established or permitted purposes. Please note that these third parties also have their own privacy and cookie policies, which Enerkem is not party to. Finally, we may create, generate, or infer Personal Information about you during the business relationship with us or the Organization that you represent.

 

Due to legal basis and purposes we have established (see How we Process Personal Information below), we rely on some occasions on implied consent and this Statement. Therefore, by providing us with Personal Information or authorizing the Organization you represent to provide it to us, you are deemed to consent to our Processing of your Personal Information in accordance with what is set out in this Statement. We also collect the express written consent of a Data Subject when circumstances warrant it, for example when the Personal Information is sensitive by its nature or the context in which it as collected or when the Personal Information goes beyond the scope specified herein or to meet the reasonable expectations of the Data Subject. When it is not reasonably possible to collect the written consent of the Data Subject, we do not retain such Personal Information.

 

Any consent to the communication and use of Personal Information may be withdrawn at any time, subject to legal or contractual restrictions and reasonable notice. To withdraw a consent, please contact us as indicated under the section How to contact us below. However, please note that without your consent to the communication and use of Personal Information, we could be limited or prevented from fulfilling the purposes for which we have collected such information, that is either one of the purposes established by Enerkem described below.

 

 

We Process Personal Information in accordance with the Statement, which we make available online on or Website and upon request. By referring to the Statement in our staff’s email signature, we ensure that its existence is brought to your attention, by including a hyperlink to the Statement, we facilitate access to it. We assume that the Statement is brought to the attention of all, and particularly Data Subjects, but we cannot be held responsible if a Data Subject chooses not to read it.

 

We Process Personal Information only when permitted by law or in connection with the established purposes described below and in accordance with the legal basis (within the meaning of the European Union General Data Protection Regulation or “GDPR”) associated therewith.

 

• Performance of a contract: when Personal Information is necessary for the execution or performance of a contract with you or the Organization that you represent (business relationship).
• Legal obligation: when Personal Information is necessary for fulfilling our legal obligations.
• Legitimate interests: when Personal Information is necessary for legitimate interests.

Established purposes:

 

• Business relationship. We could collect, create, and infer Personal Information among the following (only when applicable to your situation): your names, signature, business and/or personal contact information (as applicable), professional information such as your academic and professional training, professional memberships and accreditation, past work experience, team to which you belong, name of a supervisor, voice, photo, image, comments you may make during our discussions, and any other relevant information.
  Legal Basis (GDPR): Legitimate interests (for cooperation, business relationship, business development, execution of R&D projects, and delivery of projects) and performance of a contract.
• Compliance with obligations (legal, regulatory and other); Prevention or detection of violations of law, fraud and other illegal acts. We could collect, create, and infer Personal Information among the following (only when applicable to your situation): your names, contact information, copies of photo identification (such as a passport, driver’s licence and the like), as well as any other relevant documents required by a competent supervisory authority for the purposes of compliance with applicable regulations (including but not limited to anti-corruption and anti-money laundering regulations, “KYC” rules and other rules) and any other relevant information.
  Legal Basis (GDPR): Legal obligation and legitimate interests (to collaborate with authorities and ensure we maintain an acceptable risk profile).
• Protection and security of personnel, assets and interests when accessing secure facilities or IT networks and systems. We could collect, generate, and infer Personal Information among the following (only when applicable to your situation): your names, voice, photo, image, login information, passwords, identification numbers, user profile, and any other relevant information.
  Legal Basis (GDPR): Legitimate interests (protection and security of our assets and ensure we maintain acceptable risk profile) and legal obligation.

Should we Process more Personal Information than the mentioned, our practices are guided by the following principles:1) limiting the collection, use and disclosure of Personal Information to what is strictly necessary for the business relationship with you or the Organization you represent, and 2) respecting reasonable expectations of Data Subjects.

 

 

We may share Personal Information with those of our employees, customers, partners, contractors, and third-party service providers who need to receive it for the purposes for which it was collected. We may also share Personal Information with other third-parties who need to receive it to comply with the law or to comply with a legal obligation or to enforce our rights. Third-party service providers include (but are not limited to) external legal counsels, accountants and auditors, insurers, engineering firms, consulting firms, and other parties that we may solicit or mandate in relation to the established purposes or in relation to data protection such as IT service providers (such as, among others, data-hosting services). These third-parties may have access to Personal Information and be required to Process it as part of the services they provide to us; in such cases, we limit our disclosures to only those Personal Information reasonably necessary to enable them to perform their services or to carry out the established or permitted purposes.

 

All persons with whom we share Personal Information are bound to us by a legal duty or contractual undertakings of confidentiality. We do not enter into any contract with third-parties, where the subject matter of the contract involves the collection, use, disclosure, transfer, retention, or destruction of Personal Information, without this contract being recorded in writing, having previously been subject to legal review as part of a privacy impact assessment, and without it being recorded that the Personal Information disclosed benefits from adequate Processing and protection in accordance with this Statement and applicable laws.

 

 

Personal Information is stored on our servers located in our facilities in Quebec (in Canada), on the servers of third-party service providers which may be in the province of Quebec or else where in Canada or in the European Economic Area, as the case may be, and they could be hosted by a cloud application. Any transfer of Personal Information from the European Economic Area to Canada relies on the 2002/2/EC: Commission Decision of 20 December 2001 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data provided by the Canadian Personal Information Protection and Electronic Documents Act.

Since Personal Information is subject to the laws of the jurisdiction where it is located, it could be subject to access by foreign agencies and their agents. We are required to comply with privacy laws of various jurisdictions including (but not limited to) the province of Quebec in Canada and the European Economic Area, which laws contain binding rules regarding international transfers which we ensure compliance. You consent to the transfer of your Personal Information to jurisdictions other than that of your residence and where privacy laws may be different from those of your jurisdiction of residence, provided that we ensure that your Personal Information benefit from an adequate protection in the destination jurisdiction. 

We store Personal Information for as long as necessary for the purposes for which they have been collected and to comply with our legal obligations. These storage periods are established by law or, failing that, by our retention schedules and internal policies, which vary by jurisdiction. Unless otherwise required by law, Personal Information that is no longer necessary or relevant is destroyed, erased, or made anonymous. For more information, you may contact us. 

 

 

We are committed to maintaining the confidentiality, integrity and availability of the Personal Information in our possession and to protecting it against inadvertent loss or alteration, unauthorized access, use and disclosure, and any other unlawful Processing. To this end, we have put in place awareness initiatives and ongoing training programs for our Employees, and we conduct privacy impact assessments in various circumstances, for example when we consider doing business with a supplier whose services may have an impact on Personal Information. We abide by generally accepted information protection and security standards for the protection of Personal Information throughout its life cycle, i.e., from its collection or creation/generation until its destruction. We maintain physical, technical, and administrative security measures proportionate and appropriate to the sensitivity of the Personal Information, the purpose of its use, its quantity, its distribution and its medium. Only those individuals who need access to Personal Information and who are subject to a legal duty, or contractual undertakings, of confidentiality have access to Personal Information. However, no security measure, no Internet transmission method, and no electronic storage method, is infallible and 100% secure. Despite our employee awareness and training efforts, as well as our precautions and investments in the security of our networks and IT systems, we cannot guarantee the security of Personal Information at all times, nor that it will ever be consulted, used, disclosed, modified, destroyed or otherwise compromised, in the event of a security breach or other form of impairment of our physical, technical or administrative safeguards. If you believe that your Personal Information has been compromised, please contact us.

 

 

 

 

To obtain information, exercise rights, file a complaint or simply send us your comments on our practices regarding the Processing and protection of Personal Information, we invite you to contact our Privacy Officer by email at privacy@enerkem.com or by mail as follows:

ENERKEM INC.
To the attention of the Privacy Officer
1130 Sherbrooke Street West, Suite 600
Montreal (Quebec) Canada H3A 2M8 

 

 

We may modify the Statement from time to time and without prior notice. We therefore invite you to review it regularly to stay informed on the way we Process Personal Information.