Boréalis Privacy Statement and Policy

Effective as of May 5, 2017

Boreal – Information Strategiques 2014 Inc. (“Boréalis” or the “Company”) is committed to protecting the privacy of individuals who visit its Websites (“Visitors”) and persons who are users of the Boréalis Online Service, as such expressions are defined below (“Customers”). This Privacy Statement and Policy (the “Policy”) describes Boréalis’ privacy and personal information protection practices in relation to the use of the Company’s Websites by Visitors and Service by Customers.

Scope of this Policy

This Policy applies to the information that we obtain through your use of the Boréalis Properties via a Device or when you otherwise interact and communicate with Boréalis.

Websites” include our web sites, such as, including their related sub-domains and pages.

Boréalis Online Service” includes the managed and SaaS versions of the Boréalis product, but does not include other Boréalis products and services for which a separate privacy policy exists as well as Third Party Products.

The Boréalis Websites and Boréalis Online Service constitute what we refer to in this Policy as the “Boréalis Properties”.

Third Party Products” are websites, products and services made by third parties and that may be integrated within the Boréalis Properties. You should always refer to the privacy policies about Third Party Products as they may have different terms than the present one.

A “Device” is any computer used to access the Boréalis Properties, including without limitation a desktop, laptop, mobile phone, tablet, or other consumer electronic device.

Types of Information Collected

User Information” is personal information that we may collect from your use of the Boréalis Websites as well as your interactions with us offline. Personal information is information that identifies an individual or relates to an identifiable individual. Examples of User Information include information provided by a Visitor or Customer about her or himself, including her or his name, e-mail and physical address, telephone number, billing information, company affiliation and associated interests. Boréalis may also collect other information about Visitors and Customer and some employees, for example through its Websites, as part of that interaction.

Boréalis may also collect other information through your interaction with and use of the Websites as well as your interactions with us offline, which does not reveal your identity or directly relate to you. Such other information may include, but is not limited to, browser and Device information, data collected through automated electronic interactions, application usage data, demographic information, geographic or geo-location information, statistical, anonymized and aggregated information. Statistical, anonymized or aggregated information does not directly identify a specific person, but it may be derived from Personal Information. For example, we may aggregate Personal Information to calculate the percentage of users in a particular postal or zip code.

Online Service Data” is data that is stored on Boréalis’, Customers’ or third-parties’ systems to which Boréalis is provided access to perform services or provide functionality. Such data may include personal information about the customer’s employees, customers, partners, suppliers or Stakeholders. Boréalis treats Online Service Data according to the terms of this policy, and also treats it as Confidential Information in accordance with the terms of the agreement governing Customers’ access to and use of the Boréalis Online Service.

How Boréalis Collects User Information

Boréalis and its third party service providers may collect both personal information and other information from a variety of sources that generally fall into three categories:

  • Direct Interactions: From your use of and interaction with us through the Boréalis Websites and other activities such as account creation, submission of registrations and forms, or sales inquiries and transactions.
  • Publicly Available Data / Data from Third Parties: Other data you may have made publicly available, such as social media posts, or data provided by third party sources, such as marketing opt-in lists, or data aggregators.
  • Automated Interactions: From the use of technologies such as electronic communication protocols, cookies, embedded URLs or pixels, or widgets, buttons and tools.

Although Boréalis’ use of Automated Interactions may change over time as technology evolves, the following descriptions are designed to provide you with additional detail about Boréalis’ current approach to information collected from Automated Interactions.

Electronic Communications Protocols: As is the case when you visit most websites and apps, Boréalis may automatically receive information from you as part of the communication connection itself, which often consists of network routing information (where you came from), equipment information (browser type), your IP address (which may identify your general geographic location or company), and date and time.

Boréalis may also automatically receive and record information about your interaction with the Boréalis Websites, such as clickstream information (when each Boréalis webpage was visited and how much time was spent on the page), web analytics or general geo-location data.

Cookies: Boréalis’ server will query your browser to see if there are “cookies” previously set by the Boréalis Websites. A cookie is a small piece of information sent by a web server to store on a web browser so it can later be read back from that browser. Cookies may collect information, including a unique identifier, user preferences, profile information, membership information, and general usage and volume statistical information. Cookies may also be used to collect individualized website usage data, provide electronic website experience personalization, or conduct and measure the effectiveness of advertising in accordance with this Policy. Some cookies may remain on users’ computers after they leave the Boréalis Websites. While the majority are set to expire within 1-24 months of a user’s last visit to the website that set the cookie, others may not expire because of their nature, like cookies that remember opt-out preferences.

Your browser may provide you with information and control over cookies. You can set your browser to alert you when a cookie is being used, and accept or reject the cookie. You can also set your browser to refuse all cookies or accept only cookies returned to the originating servers. Users can generally disable the cookie feature on their browser without affecting their ability to use a site, except in some cases where cookies are used as an essential security feature necessary for transaction completion. Cookies, however, are important to the proper functioning of a site, and disabling them may degrade your experience and interfere with website features and customizations.

Embedded Pixels and Similar Technologies: On the Boréalis Websites, Boréalis and its service providers may use embedded pixel technologies for the purposes of identifying unique user visits (as opposed to aggregate hits), and for advertising purposes. In addition, embedded pixels or other technologies may be used in e-mails and our online display advertising to provide information on when the e-mail or ad was opened to track marketing campaign responsiveness; information collected using these technologies may be associated with the recipient’s e-mail address.

Widgets, Buttons, and Tools: The Boréalis Websites may include widgets, which are interactive mini-programs that run on our site to provide specific services from another company (e.g., links to bookmarked sites), along with buttons or other tools that link to other companies’ services (e.g., a “Like” button or third party map). The widget, button or tool may collect and automatically send personal information, such as your e-mail address, or other information (such as your browser information, or IP address), to a third party. Cookies may also be set or used by the widgets, buttons or tools to enable them to function properly or for other purposes, which may include advertising. Information collected or used by a widget, button or tool, including cookie settings and preferences, is governed by the privacy policy of the company that created it.

Physical Location: We may collect the physical location of your device and use it to provide you with personalized location-based services or content. In some instances, you may be permitted to allow or deny such use of your device’s location, but if you choose to deny such use, we may not be able to provide you with the applicable personalized services or content.

Analytics Information Derived from Website and Online Service Data: Analytics information also consists of data we collect as a result of running queries against Online Service Data across our user base for the purposes of generating Usage Data. “Usage Data” is anonymized and aggregated data about a group or category of services, features or users that does not contain User Information or other personal information. For example, we may query Online Service Data to determine statistics on usability, or we may query Online Service Data to determine industry data trends in order to better understand the composition of our user base.

Though we may happen upon sensitive or User Information as we compile Usage Data from Online Service Data across user instances, this is a byproduct of our efforts to understand broader patterns and trends. It is not a concerted effort by us to examine the Online Service Data of any particular Customer.

How Boréalis Uses User Information Collected

Boréalis uses and shares the User Information it collects (unless directed otherwise by applicable law), to:

  • Engage in Transactions. Boréalis may use User Information to engage in transactions with you.
  • Process Transactions. Boréalis may use User Information along with, financial, credit card, and payment information, to process your transactions.
  • Provide Support or Other Services. Boréalis may use your User Information to provide you support or other services you have ordered, as well as product updates, product patches and fixes and other similar operational communications.
  • Tailor Marketing to Your Needs and Respond to Your Requests. Boréalis may use your User Information to notify you about new product releases and service developments, and to advertise Boréalis’ products and services in accordance with this Policy. Your Website visit, marketing experience, and communications may be tailored to your interests based on your User Information. Boréalis may also use User Information in order to respond directly to your information requests (including newsletter registrations or other specific requests), or pass your contact information to the appropriate Boréalis partner for further follow-up related to your interests. In addition, if you consent, Boréalis may share your User Information with other selected partners that offer complementary products or services. Please review the specific partner’s privacy policy regarding any further interactions with them.
  • Interact with You on Third Party Social Networks. Boréalis may use your Personal Information to interact with you on third-party social networks. Boréalis’ interactions with you on a third-party social network would be subject to that network’s privacy policies and terms of use.
  • Administer Product Usage and Licensing Compliance. If you download or use products from the Boréalis Websites, Boréalis uses User Information to: confirm certain information about your order; discuss the ordered products or services; or provide marketing or sales information about related products and services. Boréalis also may use User Information to contact you, confirm compliance with licensing and other terms of use, and may share it with your company.
  • Select Content, Improve Quality and Facilitate Use of the Websites and Online Service. Boréalis may use your Personal Information to help create and personalize content on the Boréalis Websites and Online Service, facilitate your use of the Boréalis Websites and Online Service (for example, to facilitate navigation and the login process, avoid duplicate data entry, enhance security, keep track of orders and preserve order information between sessions), improve quality, track marketing campaign responsiveness (including online advertising and e-mail marketing), and evaluate page response rates.
  • Obtain Third Party Services. We may also share User Information with third parties who provide services to Boréalis, such as credit card processing services, order fulfillment, analytics, event / campaign management, Website management, information technology and related infrastructure provision, customer service, e-mail delivery, auditing, and other similar services. When Boréalis shares User Information with third party service providers, we require that they use your User Information only for the purpose of providing services to us and subject to terms consistent with this Policy.
  • Improve Products, Services, and Experiences. Boréalis may use your User Information to evaluate and improve our products, services, marketing, and customer relationships.
  • Post Testimonials. We post testimonials on the Boréalis Websites that may contain User Information. Prior to posting a testimonial, we will obtain your consent to use your name and testimonial. If you wish to update or delete your testimonial, please contact us at, and be sure to include your name, testimonial location, and contact information.
  • Power Joint Sales or Product Promotions. Boréalis and its partners may engage in joint sales or product promotions. Such promotions will always reference the partners involved. Both Boréalis and the partner(s) will have access to that information, and either Boréalis or our partners may provide you the sales or product promotion information. Each party will be responsible for managing their own use of the User Information collected for the joint sale or product promotion. We recommend you review the privacy policies of these partners to address any questions you have regarding their handling of your information.
  • Communicate with You about a Conference or Event. We or our partners may communicate with you about a conference or event hosted or co-sponsored by Boréalis or one of our partners. This may include information about the event’s content, logistics, payment, updates, and any additional meetings, special demonstrations or other customer facilitation that we may provide related to your event registration. After the event, Boréalis may contact you about the event and related products and services, and may share information about your attendance with your company. Where legally permitted, Boréalis will also allow designated partners or conference sponsors to send you communications related to your event attendance. Please note that our partners or conference sponsors may directly request your personal information at their conference booths or presentations. You should review their privacy policies to learn how they use personal information.
  • Comply with Legal Requirements and Corporate Transactions. Boréalis may disclose your User Information as we believe to be necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (d) to enforce our terms and conditions and contracts with you; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain. Additionally, in the event of a reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings), we may transfer the User Information we have collected to the relevant third party.

Some of the User Information uses specified above are not mandatory and may be controlled by you. Please refer to the “Registration, Preferences and Opt Out” section below for information on available use preferences or opt-out options, or view the summary of your privacy choices.

Registration, Preferences and, Opt-Out

A list of your current privacy choices is listed below:

Preferences and Opt-Out.

  • E-mail Marketing. Boréalis enables you to opt out of marketing communications. You may opt out of e-mail marketing by modifying your online profile as described above or by using our general unsubscribe automated link that is included in Boréalis marketing e-mails. If you have any problems using any of these opt-out mechanisms, please contact us.

Some non-marketing communications are not subject to general opt-out, such as communications related to product access and use, sales transactions, software updates and other support related information, patches and fixes, conferences or events for which you have registered, disclosures to comply with legal requirements, and (where permitted by law) quality assurance surveys. Some additional communications with partners are also not subject to general-opt out, including product alerts, updates, contractual marketing and sales materials, and other notices related to partner status.

Access Request

You can always request access, inquire about or make corrections to your User Information in our possession, by writing to us at:

How Boréalis Accesses, Collects and/or Uses Online Service Data

Below are the conditions under which Boréalis may access, collect and/or use Online Service Data:

  • To Provide Services and to Fix Issues. Online Service Data may be accessed and used to perform services under an agreement order for support, consulting, application or other services and to confirm your compliance with the terms of your agreement with Boréalis. This may include testing and applying new product or system versions, patches, updates and upgrades; monitoring and testing system use and performance; and resolving bugs and other issues you have reported to Boréalis. Any copies of Online Service Data created for these purposes are only maintained for time periods relevant to those purposes.
  • As a Result of Legal Requirements. Boréalis may be required to retain or provide access to Online Service Data to comply with legally mandated reporting, disclosure or other legal process requirements.

Boréalis may use Online Service Data as required for the purposes specified above. If Boréalis hires subcontractors to assist in providing services, their access to Online Service Data will be consistent with the terms of your agreement for services and this Policy. Boréalis is responsible for its subcontractors’ compliance with the terms of this Policy and your agreement.

Boréalis does not use Online Service Data except as stated above or in your agreement. Boréalis may process Online Service Data, but does not control your collection or use practices for Online Service Data. If you provide any Online Service Data to Boréalis, you are responsible for providing any notices and/or obtaining any consents necessary for Boréalis to access, use, retain and transfer Online Service Data as specified in this Policy and your agreement.

Access Controls

Boréalis’ access to Online Service Data is based on job role/responsibility. Online Service Data residing in systems hosted by Boréalis or on its behalf and is controlled via an access control list (ACL) mechanism, as well as the use of an account management framework. As a Customer, control access to Online Service Data by your end users; end users should direct any requests related to their personal information to you.

Security and Breach Notification

Boréalis is committed to ensuring the security of User Information. We utilize robust precautions to protect the confidentiality and security of the personal information within the Boréalis Properties, by employing technological, physical and administrative security safeguards, such as firewalls and carefully-developed security procedures.

Boréalis security policies cover the management of security for both its internal operations as well as its applications. These policies, which are aligned with the standards established by the Cloud Security Alliance (CSA), govern all areas of security applicable to services and applications and apply to all Boréalis employees.

Boréalis is also committed to reducing risks of human error, theft, fraud, and misuse. Boréalis’ efforts include making personnel aware of security policies and training employees to implement security policies. Boréalis employees are required to maintain the confidentiality of Services Data. Employees’ obligations include written confidentiality agreements, regular training on information protection, and compliance with company policies concerning protection of confidential information.

Boréalis promptly evaluates and responds to incidents that create suspicions of unauthorized handling of Online Service Data. If Boréalis determines that your Online Service Data has been misappropriated (including by a Boréalis employee) or otherwise wrongly acquired by a third party, Boréalis will promptly report such misappropriation or acquisition to you.

Customer Responsibility Toward Stakeholders Information

One of the key functionality of the Boréalis Online Service is to facilitate the gathering, collection and processing of information, including personal information, of stakeholders involved in our customers’ projects (such individuals, whose personal information is collected, stored and processed by Customers using the Boréalis Online Service being referred to herein as “Stakeholders”).

While Boréalis commits to maintaining the Online Service Data (which includes certain personal information of Stakeholders) it holds on behalf of its Customers secure and confidential, the responsibility toward Stakeholders for the gathering, collection, maintenance, processing and proper destruction of their personal information always rests with our Customers.

Hosting and Data Transfer

We are based in Canada, but, unless we expressly agree otherwise (including through our Terms), we may host and process data, including personal information, in Canada and in other countries through the Boréalis group and third parties that we use to operate and manage the Boréalis Properties. When you access or use the Boréalis Online Service, or otherwise provide information to us, you are consenting, on behalf of you and your authorized agents or end-users, (and representing that you have the authority to provide such consent) to the processing and transfer of information in and to Canada and other countries which may have different privacy laws from your or their country of residence.

Changes to the Privacy Policy

If we make any material changes to this Policy, we will notify you by email or by posting a prominent notice on the Boréalis Websites prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices. Your continued use of the Boréalis Service constitutes your agreement to be bound by such changes to this Policy. Your only remedy, if you do not accept the terms of this Policy, is to discontinue use of the Boréalis Properties.


Boréalis has appointed a Privacy Officer. If you believe your User Information or Services Data has been used in a way that is not consistent with this Policy, or if you have further questions related to this Policy, please contact the Privacy Officer. Written inquiries may be addressed to Privacy Officer, 175, rue Péladeau, Magog (Québec) J1X 5G9 Canada or by email, at