Voûte Esthetik, a corporation incorporated in Québec, Canada (hereinafter “we“, “our” or “us“), is committed to protecting and respecting the privacy of users (hereinafter “you“, “your” or “yours“) in connection with the use of our software (hereinafter the “Platform“). This Privacy Policy explains how we collect, use, host, and disclose your personal information, as well as that of your clients, when you use our Platform.

We may collect and process the following types of data:

We use your information to:

Your personal data is hosted in Canada on Google Cloud Platform (GCP). GCP uses secure infrastructure and built-in protection features, and regularly undergoes independent audits of its security, privacy, and compliance controls. The ISO/IEC 27001 certification of our server at GCP is an internationally recognized standard that ensures information is protected through a rigorous set of security processes. This certification ensures that data is processed and hosted securely, thereby reducing the risks of breaches or data loss.

However, please note that no method of transmitting information over the Internet or hosting information is completely secure. You are responsible for protecting your credentials and ensuring that you are connected to a secure network.

If you access the Platform or reside outside Canada, it is your responsibility to verify that your use of our services complies with the laws and regulations in force in your country, since your data will be hosted outside your country, namely in Canada.

All personal data is generally stored and processed in Canada. However, certain specific third-party services may process and store personal data in other countries, including the United States.

We use a payment service provider (the “Payment Provider”) to process all financial transactions related to our services. We do not collect, process, store, or host any personal banking data. This information is collected, processed, and hosted directly by the Payment Provider on our behalf. Currently, our Payment Provider is Global Payments, a company based in Atlanta, United States. We have verified that the Payment Provider complies with applicable privacy requirements.

We may share your personal information with:

Before sharing personal data with third parties, we ensure that they have appropriate safeguards in place and that they comply with our Privacy Policy and applicable privacy laws.

Information about you, including personal data, may be transferred as part of any merger, reorganization, or sale involving all or part of our business, as well as in the event of insolvency, bankruptcy, or receivership.

Since our collection and processing may include health-related information, which is sensitive personal data, explicit consent is required from you and from your clients before any collection and processing of such data.

This consent may be withdrawn at any time. You may do so temporarily by requesting that your account be suspended, or permanently by closing your account with us.

Your clients may withdraw their consent to the collection and processing of their personal data by contacting you directly.

You agree to inform us immediately in the event of unauthorized or malicious use of their account access by a third party.

If we become the victim of a personal data breach, we will inform you of the nature of the breach, its likely consequences, and the measures proposed to remedy it, within the time limits prescribed by applicable privacy laws. In the event of a breach presenting a significant risk of harm to you and your clients, we will also notify the competent authorities. We will also provide you with the required assistance to notify your clients, taking into account the risk of harm, and within the time limits prescribed by applicable privacy laws.

A cookie is a small text file placed on your computer or other device when you visit a webpage. Its purpose is to collect information related to your browsing, in order to deliver services adapted to your device.

We use cookies and similar technologies to:

Some cookies are used to recognize users when they visit other websites, enabling our third-party advertising providers to show you ads based on your interests, according to your visit to our site.

There are different ways to disable or block interest-based online advertising. You can find this information by searching the Internet.

Please note that some cookies are required for our website to function. They are used for operational purposes such as security, session management, language preferences, and technical support.

You may, at any time, change your consent to accept or refuse all non-essential cookies, or some of them.

In accordance with Canadian and Québec data protection laws, you have the right to:

To exert these rights, please contact us at: support@esthetikvault.com

We retain your personal data for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on our website and by changing the “Last updated” date at the top of this page.

REQUEST FOR ACCESS TO OR MODIFICATION OF PERSONAL INFORMATION

Submitting a request: You may submit a request to access or modify your personal information by sending an email to support@esthetikvault.com or by contacting Valérie Castonguay, the person responsible for data protection.

Identity verification: To protect data confidentiality, we will verify your identity using the email address you use to send us your request.

Processing time: We commit to processing any request within a maximum of thirty (30) days, in accordance with legal requirements.

Response to the request: Once the request has been processed, the information will be provided, modified, or deleted according to your instructions, unless a legal exemption applies.

REQUEST FOR DATA DELETION

Deletion procedure: You may request the deletion of your personal data at any time. We will then delete the information in accordance with the law and provide written confirmation.

DATA RETENTION

Retention period: Your inactive personal data will be retained as long as necessary to fulfill the purposes described in the Privacy Policy, unless a longer retention period is required or permitted by law.

Data Protection Officer: Valérie Castonguay is the designated person responsible for overseeing compliance with data protection regulations. You can contact her by email at valerie@esthetikvault.com for any questions or requests.