Skip to content
English

Privacy Statement

How we process personal information to conduct of our business

We / Enerkem Inc. (“Enerkem”, “we”, “us”, “our”) Process (as defined below) Personal Information (as defined below) for the conduct of our business, to manage and perform our contracts, and to fulfill our legal obligations. “Personal Information” refers to any information about an identifiable individual or any information that allows an individual to be identified, directly or indirectly. “Processing” refers to any operation performed on Personal Information including, without limitation, collection, use, disclosure, storage, and destruction. Privacy is important to us, and we explain our practices in this Privacy Statement (this “Statement”) (which may be updated from time to time without notice).
 

About cookies, please read our Cookie Policy.

 

 

We are the data controller and you are the Data Subject

Unless we notify otherwise, we are the data controller of Personal Information, meaning that we determine for what purposes and in what ways we Process Personal Information.

 

As part of our operations and activities, we maintain relationship with commercial organizations (such as shareholders, lenders, investors, partners, clients, suppliers, subcontractors, and other stakeholders) and non-commercial organizations (such as government entities, supervisory authorities, and other stakeholders) (hereinafter the “Organizations”). In the course of dealings with these Organizations, the Personal Information of individuals who represent the Organization, generally their employees or other agents, is inevitably brought to our attention and come into our possession.

 

Our employees may provide us with Personal Information of people to contact in the event of an emergency, and this person could be you; if it is the case, we assume that our employees have previously obtained your consent prior to disclosing your Personal Information to us.

 

This Statement is addressed to any person, hereinafter referred to as the “Data Subject”, “you” and “your”, about whom we hold Personal Information and who is not an employee or director or consultant of Enerkem.

 
 

How we collect your Personal Information and your consent, and how you can withdraw your consent

In general, depending on your situation, the Personal Information that we collect is that which you have provided to us or that we received from the Organization you represent during our interactions or that our employee has communicated to us. It may also happen that we receive Personal Information from third parties when it is necessary for the employment or business relationship and in these cases, you have authorized such third party to collect your Personal Information and to disclose same to us for the established or permitted purposes. Please note that these third parties also have their own privacy and cookie policies, which Enerkem is not party to. Finally, we may create, generate, or infer Personal Information about you during the business relationship with us or the Organization that you represent.

 

Due to legal basis and purposes we have established (see How we Process Personal Information below), we rely on some occasions on implied consent and this Statement. Therefore, by providing us with Personal Information or authorizing the Organization you represent to provide it to us, you are deemed to consent to our Processing of your Personal Information in accordance with what is set out in this Statement. We also collect the express written consent of a Data Subject when circumstances warrant it, for example when the Personal Information is sensitive by its nature or the context in which it as collected or when the Personal Information goes beyond the scope specified herein or to meet the reasonable expectations of the Data Subject. When it is not reasonably possible to collect the written consent of the Data Subject, we do not retain such Personal Information.

 

Any consent to the communication and use of Personal Information may be withdrawn at any time, subject to legal or contractual restrictions and reasonable notice. To withdraw a consent, please contact us as indicated under the section How to contact us below. However, please note that without your consent to the communication and use of Personal Information, we could be limited or prevented from fulfilling the purposes for which we have collected such information, that is either one of the purposes established by Enerkem described below.

 
 

How we Process Personal Information

We Process Personal Information in accordance with the Statement, which we make available online on or Website and upon request. By referring to the Statement in our staff’s email signature, we ensure that its existence is brought to your attention, by including a hyperlink to the Statement, we facilitate access to it. We assume that the Statement is brought to the attention of all, and particularly Data Subjects, but we cannot be held responsible if a Data Subject chooses not to read it.

 

We Process Personal Information only when permitted by law or in connection with the established purposes described below and in accordance with the legal basis (within the meaning of the European Union General Data Protection Regulation or “GDPR”) associated therewith.
 
Legal basis (GDPR):

 

  • Performance of a contract: when Personal Information is necessary for the execution or performance of a contract with you or the Organization that you represent (business relationship).
  • Legal obligation: when Personal Information is necessary for fulfilling our legal obligations.
  • Legitimate interests: when Personal Information is necessary for legitimate interests.

Established purposes:

 

  • Business relationship. We could collect, create, and infer Personal Information among the following (only when applicable to your situation): your names, signature, business and/or personal contact information (as applicable), professional information such as your academic and professional training, professional memberships and accreditation, past work experience, team to which you belong, name of a supervisor, voice, photo, image, comments you may make during our discussions, and any other relevant information.
    Legal Basis (GDPR): Legitimate interests (for cooperation, business relationship, business development, execution of R&D projects, and delivery of projects) and performance of a contract.
  • Compliance with obligations (legal, regulatory and other); Prevention or detection of violations of law, fraud and other illegal acts. We could collect, create, and infer Personal Information among the following (only when applicable to your situation): your names, contact information, copies of photo identification (such as a passport, driver’s licence and the like), as well as any other relevant documents required by a competent supervisory authority for the purposes of compliance with applicable regulations (including but not limited to anti-corruption and anti-money laundering regulations, “KYC” rules and other rules) and any other relevant information.
    Legal Basis (GDPR): Legal obligation and legitimate interests (to collaborate with authorities and ensure we maintain an acceptable risk profile).
  • Protection and security of personnel, assets and interests when accessing secure facilities or IT networks and systems. We could collect, generate, and infer Personal Information among the following (only when applicable to your situation): your names, voice, photo, image, login information, passwords, identification numbers, user profile, and any other relevant information.
    Legal Basis (GDPR): Legitimate interests (protection and security of our assets and ensure we maintain acceptable risk profile) and legal obligation.

Should we Process more Personal Information than the mentioned, our practices are guided by the following principles:1) limiting the collection, use and disclosure of Personal Information to what is strictly necessary for the business relationship with you or the Organization you represent, and 2) respecting reasonable expectations of Data Subjects.

 
 

With whom we share Personal Information

We may share Personal Information with those of our employees, customers, partners, contractors, and third-party service providers who need to receive it for the purposes for which it was collected. We may also share Personal Information with other third-parties who need to receive it to comply with the law or to comply with a legal obligation or to enforce our rights. Third-party service providers include (but are not limited to) external legal counsels, accountants and auditors, insurers, engineering firms, consulting firms, and other parties that we may solicit or mandate in relation to the established purposes or in relation to data protection such as IT service providers (such as, among others, data-hosting services). These third-parties may have access to Personal Information and be required to Process it as part of the services they provide to us; in such cases, we limit our disclosures to only those Personal Information reasonably necessary to enable them to perform their services or to carry out the established or permitted purposes.

 

All persons with whom we share Personal Information are bound to us by a legal duty or contractual undertakings of confidentiality. We do not enter into any contract with third-parties, where the subject matter of the contract involves the collection, use, disclosure, transfer, retention, or destruction of Personal Information, without this contract being recorded in writing, having previously been subject to legal review as part of a privacy impact assessment, and without it being recorded that the Personal Information disclosed benefits from adequate Processing and protection in accordance with this Statement and applicable laws.

 
 

Where and how long is Personal Information stored

Personal Information is stored on our servers located in our facilities in Quebec (in Canada), on the servers of third-party service providers which may be in the province of Quebec or else where in Canada or in the European Economic Area, as the case may be, and they could be hosted by a cloud application. Any transfer of Personal Information from the European Economic Area to Canada relies on the 2002/2/EC: Commission Decision of 20 December 2001 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data provided by the Canadian Personal Information Protection and Electronic Documents Act.

Since Personal Information is subject to the laws of the jurisdiction where it is located, it could be subject to access by foreign agencies and their agents. We are required to comply with privacy laws of various jurisdictions including (but not limited to) the province of Quebec in Canada and the European Economic Area, which laws contain binding rules regarding international transfers which we ensure compliance. You consent to the transfer of your Personal Information to jurisdictions other than that of your residence and where privacy laws may be different from those of your jurisdiction of residence, provided that we ensure that your Personal Information benefit from an adequate protection in the destination jurisdiction. 

We store Personal Information for as long as necessary for the purposes for which they have been collected and to comply with our legal obligations. These storage periods are established by law or, failing that, by our retention schedules and internal policies, which vary by jurisdiction. Unless otherwise required by law, Personal Information that is no longer necessary or relevant is destroyed, erased, or made anonymous. For more information, you may contact us. 
 
 

How we protect Personal Information

We are committed to maintaining the confidentiality, integrity and availability of the Personal Information in our possession and to protecting it against inadvertent loss or alteration, unauthorized access, use and disclosure, and any other unlawful Processing. To this end, we have put in place awareness initiatives and ongoing training programs for our Employees, and we conduct privacy impact assessments in various circumstances, for example when we consider doing business with a supplier whose services may have an impact on Personal Information. We abide by generally accepted information protection and security standards for the protection of Personal Information throughout its life cycle, i.e., from its collection or creation/generation until its destruction. We maintain physical, technical, and administrative security measures proportionate and appropriate to the sensitivity of the Personal Information, the purpose of its use, its quantity, its distribution and its medium. Only those individuals who need access to Personal Information and who are subject to a legal duty, or contractual undertakings, of confidentiality have access to Personal Information. However, no security measure, no Internet transmission method, and no electronic storage method, is infallible and 100% secure. Despite our employee awareness and training efforts, as well as our precautions and investments in the security of our networks and IT systems, we cannot guarantee the security of Personal Information at all times, nor that it will ever be consulted, used, disclosed, modified, destroyed or otherwise compromised, in the event of a security breach or other form of impairment of our physical, technical or administrative safeguards. If you believe that your Personal Information has been compromised, please contact us.

 
 

Data Subject rights in relation to their Personal Information

Depending on your jurisdiction and in certain circumstances, you could have either one of the following rights with respect to your Personal Information, subject however to the conditions, limitations, and exceptions provided by the applicable laws in your jurisdiction (in case of discrepancy between this Statement and the laws of your jurisdiction, the laws of your jurisdiction prevail):

 

  • Access and portability: the right to ask us whether we Process Personal Information about you, the right to have access to it or to receive it in a structured and commonly used technological format, and the right to require us to transfer your Personal Information to another data processor or other person authorized by law to receive it.
  • Accuracy: we are required to take reasonable steps to ensure that Personal Information remains accurate, complete, not misleading, and up to date.
  • Rectification: the right to have incomplete or inaccurate Personal Information rectified.
  • Control over dissemination: the right to ask that we cease dissemination of your Personal Information, that we de-index any hyperlink linked to your name that gives access to Personal Information through a technological means and that any de-indexed hyperlink that gives access to Personal Information be re-indexed.
  • Withdrawal of consent: the right to withdraw your consent to the communication or use of your Personal Information.
  • Complaints: the right to lodge a complaint with the competent supervisory authority and to seek redress in court (where applicable) if you believe that your Personal Information has been compromised or that your rights relating to its Processing have been infringed.
  • Erasure: the right to obtain the erasure of outdated or illegally collected Personal Information.
  • Restriction of Processing and objection: the right to restrict or object to the Processing of Personal Information.
  • Automated decision: the right to challenge any automated decision, should there be any, where such decision has a legal or similarly significant impact, and the right to request that it be reconsidered.

You can, at any time, exercise the above-mentioned rights, if they exist in your jurisdiction, by contacting us. Please note that we are not required to prepare a new document or information to respond to your request and that, to be admissible, your request must be in writing, relate to a document or information that exists, that is about you and that does not require calculation, comparison or other content-generating actions. We generally respond to any written, complete, precise, and valid request within a thirty- (30-) day period of its receipt. If we are unable to comply with your request within that period, we will notify you in writing. If necessary, we can help you formulate a complete and precise request. If we are unable to satisfy your request, we will justify our refusal (subject to legal restrictions, if any), we will indicate the legal provisions on which this refusal is based, and we will inform you of the remedies available to you and the time limits applicable to you. Although the exercise of the above-mentioned rights is usually free of charge, we may charge reasonable fees as provided by applicable laws, for example for transcription, reproduction or transmission of Personal Information; should it be the case, we will inform you of the fees before processing your request.

 

Nothing in this Statement prevents you from contacting the relevant privacy authority of your jurisdiction and to file a complaint.

 
 

How to contact us

To obtain information, exercise rights, file a complaint or simply send us your comments on our practices regarding the Processing and protection of Personal Information, we invite you to contact our Privacy Officer by email at privacy@enerkem.com or by mail as follows:

ENERKEM INC.
To the attention of the Privacy Officer
1130 Sherbrooke Street West, Suite 600
Montreal (Quebec) Canada H3A 2M8 
 
 

How do we update this Statement

We may modify the Statement from time to time and without prior notice. We therefore invite you to review it regularly to stay informed on the way we Process Personal Information.

Get updates on our latest developments