Privacy and Confidentiality Policy

When we collect personal information, we ask for your consent by various means, for example by filling out a form, clicking on an electronic authorization, or by any other means that ensures that you are giving informed consent to send us such information.

We understand that when you provide us with such information, you consent to its use under the terms of this Policy.

Furthermore, when we communicate with you or you communicate with us in the context of carrying out a professional mandate that you had entrusted to us, we assume that you consent to transmit to us personal information concerning you to carry out of this mandate.

Any action that relates to a registration or a contact form requires the voluntary transmission of your personal information. When this information is required to process your request, you will be notified directly on the form to complete.

You can withdraw your consent. In this regard, we refer you to the right to withdraw consent section, below.

Consultation of the Site does not require registration or prior identification. It can be carried out without you communicating any personal data concerning yourself (surname, first name, address, etc.). We do not record any personal data for the simple consultation of the Site.

As part of the use of the Site, the following categories of data concerning its Users may be collected:

• Name.

• Email address.

• Telephone number.

• Connection data (IP addresses, event logs, etc.).

This information will be processed in the context of requests made by the user using the contact form and will be used strictly within the framework of this request and the commercial relationship that could follow from it.

Some of the technical data of your device is collected automatically by the Site through cookies. This information includes your IP address, Internet service provider, hardware configuration, software configuration, browser type, and language. The collection of this data is necessary for the provision of the services.

Some technical data from your device may be used for statistical purposes. This information helps us personalize and continually improve your experience on our Site. We do not collect or store any personal data (surname, first name, address, etc.) possibly attached to technical data. Demographic statistics about our visitors (country of origin, language of correspondence, etc.) and their browsing habits (pages viewed, duration of consultation, etc.) are also considered personal information and are collected for statistical purposes. The data collected is not likely to be resold to third parties.

Technical data is kept for the duration strictly necessary to achieve the purposes mentioned in this policy.

The User may request access, modification, or deletion of this data at any time via the Site's contact form or by contacting the Data Controller at the email address provided above.

OROKOM uses the MATOMO audience analysis tool to obtain demographic statistics on its visitors and statistics on their browsing habits. We may also use this data to better understand their behavior or improve the structure of our website. In addition, MATOMO allows us to establish the profile of our current or potential listeners, to improve our product and service offering. To collect anonymous information and produce statistical reports, MATOMO may use cookies, but without identifying you personally.

The site can integrate video and audio files from third-party services (YouTube, Vimeo, Soundcloud, etc.), allowing the user to view them directly on the site.

Cookie files from these third-party services may therefore be stored on the user's computer. We draw the user's attention to the fact that these sites have their privacy policies and general conditions of use that may be different from those of this site. We invite you to consult the privacy policies and general conditions of use of these sites.

A button will appear before the first viewing of a video to ask for your consent; once given, you can withdraw it by clicking on the button below.

We use your personal information following the legislation currently in force in Quebec concerning the protection of personal information, and only for the purposes mentioned in this Policy.

OROKOM only uses and discloses your personal information when it has obtained your consent, except as permitted by law. This personal information is used to communicate with you, provide you with services or information that you have requested, or send you information that may be of interest to you.

No information is sold, distributed, exchanged, or communicated to third parties unless the law requires it or you give your consent, except in the cases mentioned in this Policy.

Your personal information is therefore only used to:

• Communicate with you by email, telephone, text message, or other equivalent forms of electronic communication or in the form of informational communications related to features, products, or services, including software or security updates, when necessary or reasonable for their implementation.

• To make payments and billing, which information is then communicated to our financial service providers, where applicable.

• Automatically personalize your documents with your contact details or personal information.

All personal information we collect, whatever it may be, is confidential and will remain so. No information is transmitted to a person who does not act as an employee, agent, subcontractor, contractor, or service provider, to name a few, on behalf of OROKOM, unless the law obliges us to do so.

We share your personal information with certain trusted third-parties, including:

• Third-party providers who offer IT and internet services, financial services, and other services as well as our trusted partners. We only provide the information necessary for the execution of their mandate and we ensure that they take the necessary measures to ensure the confidentiality of the information transmitted to them.

• Governmental, regulatory, or law enforcement agencies.

• Our professional advisors, when personal information must be shared with them to carry out a specific mandate entrusted to them.

In doing so, your personal information is stored in our databases (including local storage), databases of affiliated companies, or databases maintained by third-party service providers. These suppliers are in Canada and may also be located abroad, including in France and the United States. This data will be automatically transferred to these databases, following applicable legislation. By browsing our website, you consent to such cross-border transfers of personal information in France, the United States, and other territories.

We strive to ensure that the personal information we transmit within and outside of Canada, through our partners, is adequately protected. We ensure that our partners use privacy and security protection mechanisms that are at least as effective and secure as those we use.

As a user or customer, you have a right to access, portability, rectification, or erasure of your personal information, as well as a right to withdraw consent to certain processing of said information. information. While some of these rights apply generally, others only apply in certain specific circumstances. These rights are described as follows:

a) Right of access to personal information

You have the right to access your personal information, to obtain a copy of the personal information that we process, and to obtain information about the internal processing of personal information that we carry out. If you request to know the personal information that we process, we will provide you free of charge with the following information: the purposes of the processing, the categories of personal information processed, the categories of persons who have access to your personal information, the recipients of personal information, the retention period of personal information and information on data transfers.

Each request made in this regard must be accompanied by any relevant details, including your full contact details, and submitted by email to the following address: info@orokom.com. You have the right to obtain confirmation from us as to whether your personal information is being processed and, where applicable, access to your personal information. The data controller will provide you with a copy of the personal information processed within a reasonable time.

b) Right to portability of personal information

You have the right to receive your personal information in a structured, commonly used, and machine-readable format. Each request made in this regard must be accompanied by any relevant details, including your full contact details, and submitted by email to the following address: info@orokom.com.

We will make every effort to comply with your request, with the understanding that serious practical difficulties may limit our ability to comply.

c) Right of rectification

You have the right, if necessary, to have your personal information modified, deleted, or restricted. Each request made to this effect must be accompanied by any relevant details, including your full contact details, and submitted by email to the following address: info@orokom.com.

Please note that we may correct, reconstruct, or delete incomplete or inaccurate information at any time, at our discretion. You have the right to obtain from us, within a reasonable time, the rectification of inaccurate personal information. You have the right, considering the purposes of the processing, to complete incomplete personal information, in particular by providing us with an additional statement in this regard.

d) Right to withdraw consent

You can withdraw your consent to the processing of your personal information at any time. In this case, if there is no overriding legitimate interest in continuing to process your personal information (e.g., to comply with our legal obligations, resolve disputes, implement our agreements, etc.) and such personal information is no longer necessary for the purpose initially pursued, we will delete your personal information.

Each request made in this regard must be accompanied by any relevant details, including your full contact details, and submitted by email to the following address: info@orokom.com. In addition, you have the right to obtain from us the deletion of your information and we undertake to delete your personal information within a reasonable period. Your user data will be deleted within a reasonable time following the closure of your account. However, withdrawal of your consent could terminate our provision of services or goods in cases where we are no longer able to adequately carry out our mandate. Finally, you acknowledge that certain personal information provided in the context of the provision of services or goods must be kept on file, in compliance with applicable legislation.

e) Right of refusal

You can ask us not to send you marketing communications and not to use your personal information when we carry out profiling for direct marketing purposes. You may opt out of receiving electronic newsletters and other commercial communications by following the opt-out instructions provided to you in those emails or by sending a request to do so to the following address: info@orokom.com. Please note that messages relating to transactional accounts will not be affected, even if you refuse our commercial communications.

We retain information for as long as necessary to provide services requested by our customers and other parties, resolve disputes, and enforce our agreements, subject to any legal obligation to retain information for longer. information. Information associated with your account is generally retained until it is no longer necessary to provide our services or until you ask us to delete it, or your account is deleted, whichever occurs first. They are then destroyed securely.

OROKOM undertakes to communicate the method used to store this information securely and to explain the duration of its retention, as well as the means of destruction that will be used once its use is completed or when the retention period expires. due. To do this, members of the OROKOM team will apply a protocol for destroying personal information.

You can delete your account at any time by sending a request in this regard to the following address: info@orokom.com. If you do not delete your account, we may retain and use certain personal information for a reasonable period, including to pursue legitimate business interests, resolve disputes, conduct audits, or comply with legal obligations. Additionally, we may retain information from deleted accounts to comply with the law, prevent fraud, resolve disputes, troubleshoot problems, assist in investigations, and take other actions permitted by law. The information we retain will be treated following this Policy.

OROKOM takes the reasonable security measures necessary to ensure the protection of the personal information that it collects, uses, communicates, stores, or destroys, considering, in particular, the sensitivity of the information, the purpose of its use, its quantity, its distribution, and support. Using restricted access and a secure and encrypted cloud platform, OROKOM ensures that possible confidentiality incidents are limited. Measures adapted to the types of information are detailed in the Personal Information Inventory.

OROKOM always makes its policies and procedures regarding its management of personal information accessible via www.orokom.com or on request at the following address: info@orokom.com.

If you have a complaint to make regarding the application of this Policy, you can send it in writing to the following address: info@orokom.com by contacting the person responsible for the protection of personal information indicated below. Such a complaint will be handled following the legislation currently in force.

We reserve the right to make changes to this Policy at any time. We therefore invite you to consult this Policy frequently.

If OROKOM has reason to believe that a confidentiality incident involving personal information that it holds has occurred, it will take reasonable measures to reduce the risk of harm being caused and prevent new incidents of the same nature from occurring. occur. If the incident presents a risk of serious harm being caused, it must promptly notify the Commission for Access to Information. She must also notify any person whose personal information is affected by the incident. OROKOM will not share the nature of the incident with the following exception: if the person whose personal information is concerned by the incident is likely to hinder an investigation carried out by a person or by an organization that, under the law, is responsible for preventing, detecting, or repressing crime or legal infractions. A government regulation may determine the content and terms of the notices provided.

OROKOM may notify any person or organization likely to reduce this risk, by only communicating the personal information necessary for this purpose without the consent of the person concerned. In the latter case, the person responsible for the protection of personal information must record the communication with one of these third parties.

In the event of an incident, OROKOM undertakes to follow the security incident protocol and document the incident using the incident register, both explained in advance. To find out about the security incident protocol and the related process, please request it at info@orokom.com.

Mrs. Catherine Lamontagne, President and strategist, is responsible for the protection of personal information at OROKOM.

You can reach her by email at the following address: info@orokom.com, by mail at 1403 rue Shefford in Bromont (Québec), or by telephone at 450-578-0878.

If you have any questions or comments, or if you would like to know more about our Policy, we invite you to send us an email at the following address info@orokom.com.

Last updated: September 2023