Privacy Policy
1. Introduction
Syspark Inc. ("Syspark", "we", "our") places fundamental importance on the protection of personal information. This policy describes how we collect, use, store, and protect the personal information of visitors to the syspark.com website.
This policy is established in accordance with:
- Quebec's Law 25 (Act to modernize legislative provisions respecting the protection of personal information, 2021)
- The General Data Protection Regulation (GDPR) of the European Union for European visitors
- PIPEDA (Personal Information Protection and Electronic Documents Act) of Canada
2. Data Controller
Syspark Inc.
Head office: Montréal, Quebec, Canada
Office: Paris, France
Email: [email protected]
Website: https://syspark.com
3. Privacy Officer
In accordance with section 3.1 of Quebec's Law 25, Syspark has designated a person in charge of the protection of personal information:
Chief Information Officer (CIO) of Syspark Inc.
Email: [email protected] (or [email protected])
Any question regarding the processing of your personal information, any access, rectification or erasure request, as well as any complaint may be addressed to this person directly.
4. Personal Information Collected
4.1 Data collected via the contact form
When you fill out our contact form, we collect only the information you voluntarily provide:
| Data | Type | Purpose |
|---|---|---|
| Full name | Required | Identification and personalization of response |
| Business email | Required | Response to your request |
| Company | Optional | Contextualization of request |
| Type of need | Required | Routing to the appropriate expertise |
| Message | Optional | Understanding of context |
4.2 Technical data collected automatically
During your visit, for strictly technical and security purposes, the following information is collected:
- IP address: anti-fraud protection, rate limiting
- User agent (browser): automated bot detection
- Visit timestamp: security logging
- Pages visited: via technical server logs
This data is used solely for the security and proper functioning of the site. No data is exploited for advertising, marketing, or profiling purposes.
5. Cookies and Trackers
We use no advertising cookies, no audience measurement cookies with profiling, and no third-party trackers. Our site does not have a cookie consent banner, as the only cookies present are strictly necessary for the site to function (exempt from consent according to the CNIL and Quebec's CAI).
| Cookie | Origin | Purpose | Duration |
|---|---|---|---|
__cf_bm | Cloudflare | Protection against automated bots | 30 minutes |
cf_clearance | Cloudflare | Security challenge validation | 30 days |
lang_pref | Syspark | Language preference memory (FR/EN) | 1 year |
Legal basis: legitimate interest / strictly necessary service (GDPR art. 6.1.f, Law 25 section 8.1 — exemption for strictly necessary cookies).
You can delete these cookies at any time via your browser settings, without major impact on browsing.
6. Processing Purposes
Your personal information is processed exclusively to:
- Respond to your commercial and technical contact requests
- Ensure the security of the site (protection against attacks, fraud, abuse)
- Comply with our legal and regulatory obligations
We do not perform automated profiling, no automated decisions producing legal effects, and no direct marketing activity from contact form data without your explicit consent.
7. Legal Basis for Processing
In accordance with GDPR (art. 6) and Quebec's Law 25:
- Contact form: execution of pre-contractual measures at your request (GDPR art. 6.1.b) and explicit consent by form submission (Law 25)
- Technical cookies: legitimate interest of the controller and exemption for strictly necessary cookies
- Security logging: legitimate interest in protecting the site and its visitors
8. Data Retention Period
| Data type | Retention period |
|---|---|
| Contact requests (emails) | 3 years after last exchange |
| Site access logs | 12 months maximum |
| Security logs (rate limiting, submission attempts) | 12 months maximum |
| Technical cookies | As per table in section 5 |
Beyond these periods, data is deleted or anonymized.
9. Data Recipients
9.1 Syspark personnel
Your personal information is accessible only to Syspark employees who need it in the performance of their duties (sales, technical, management).
9.2 Technical sub-processors
To ensure the operation and security of the site, we use the services of:
| Sub-processor | Role | Location | Legal framework |
|---|---|---|---|
| Cloudflare Inc. | CDN and DDoS protection | United States (global servers) | Standard contractual clauses (SCC), Cloudflare DPA |
| Syspark (infrastructure) | Web and email hosting | Montréal (Canada) and Paris (France) | In-house infrastructure |
No other third party receives your data. We do not use any third-party analytics service, advertising tool, integrated social network, or third-party form service.
9.3 Transfers outside Quebec and outside the EU
The Cloudflare service, used only for attack protection and content acceleration, may result in technical data transit through servers located in the United States. This transfer is governed by the Standard Contractual Clauses approved by the European Commission and by Cloudflare's DPA compliant with Law 25.
A Privacy Impact Assessment (PIA) has been conducted to govern this transfer.
10. Your Rights
You have the following rights concerning your personal information:
Under Quebec's Law 25 and PIPEDA
- Right of access: obtain a copy of your personal information
- Right of rectification: correct inaccurate or incomplete data
- Right to withdraw consent
- Right to data portability (effective since September 2024)
- Right to file a complaint with the Commission d'accès à l'information du Québec
Under GDPR (EU visitors)
- Right of access (art. 15)
- Right to rectification (art. 16)
- Right to erasure (art. 17)
- Right to restriction of processing (art. 18)
- Right to data portability (art. 20)
- Right to object (art. 21)
- Right to lodge a complaint with a supervisory authority (CNIL in France)
How to exercise your rights
Write to us at [email protected] specifying your request and attaching proof of identity if necessary. We will respond within a maximum of 30 days.
11. Data Security
Syspark implements appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction, including:
- TLS 1.2+ encryption for all communications between your browser and our servers
- Attack protection via Cloudflare (DDoS, bots, injections)
- Form protection via in-house multi-layer anti-spam system (rate limiting, validation, suspicious content detection)
- Sovereign hosting: our servers are located in Canada (Montréal) and France (Equinix PA2/PA3 datacenter certified ISO/IEC 27001:2022)
- Restricted access to data, with logging of sensitive access
- Regular backups and business continuity plan
12. Confidentiality Incident
In accordance with Law 25 (section 3.5), in the event of a confidentiality incident presenting a serious risk of harm, Syspark:
- Takes, without delay, reasonable measures to reduce risks and prevent recurrence
- Notifies the Commission d'accès à l'information (CAI)
- Informs affected individuals
An internal register of confidentiality incidents is maintained.
13. Policy Modifications
This policy may be updated to reflect legal, technical, or operational changes. The date of the last update is indicated at the top of this document. In the event of substantial modifications, we will inform users via the site.
14. Contact
For any questions regarding this policy or your personal information:
Syspark Inc.
Email: [email protected] (or [email protected])
You may also contact supervisory authorities:
- Commission d'accès à l'information du Québec: cai.gouv.qc.ca
- Office of the Privacy Commissioner of Canada: priv.gc.ca
- CNIL (France, for EU visitors): cnil.fr
See also: Personal Information Governance Policy