Last updated: January 23, 2024

Confiseries Mondoux Inc. (“Mondoux“, “we“, “our“), a company specializing in the sale and distribution of confectionery, takes the protection of your privacy and personal information seriously. This privacy policy (“Policy“) aims to provide information and describe our data protection practices, the types of personal information we may receive or collect from you, and how we use, disclose, store, and secure them. You will also find the various ways to contact us to, among other things, exercise the rights provided herein and obtain more information as needed.

This Policy applies and is addressed to visitors of our websites (the “Websites“), namely: www.mondoux.ca – corporate site, www.sweetsixteen.ca, www.aperocandy.com, www.giacomo.ca, and www.chocolatyoma.ca. However, it should be noted that the rights and obligations described in this Policy do not cover third-party websites that may be linked or mentioned on our Websites. These third-party websites have their own privacy policy, and we encourage you to read them carefully.

The personal information you provide to Mondoux will not be used for purposes other than those provided by applicable laws and otherwise in accordance with this Policy.

By using the Websites or providing us with your personal information, you consent to their collection, use, disclosure, and retention in accordance with the terms herein. We advise you to read this Policy carefully. If you do not consent, please do not disclose your personal information to us and cease using the Websites.

1. WHAT IS “PERSONAL INFORMATION”?

This Policy applies to personal information collected, used, disclosed, and retained by Mondoux.

For the purposes of this Policy, “Personal Information” means any information about an identifiable individual, including any information that can directly or indirectly identify that person. We generally do not include business contact information as personal information when it comes to contacting you in your capacity or about your business.

This Policy does not apply to personal information of employees, consultants, or other individuals associated with Mondoux.

2. PERSONAL INFORMATION MANAGEMENT PROGRAM

To protect your personal information, we have implemented policies, practices, and procedures related to the management of the personal information we hold.

These internal policies and procedures govern the collection, use, communication, retention, and destruction of personal information, as well as the handling of complaints, information security, and Mondoux’s data governance. They also provide a framework for implementing privacy impact assessments, when necessary, as well as preventing and responding to potential confidentiality incidents. All these policies and practices have been approved by our Privacy Officer.

The collection of your personal information through our Websites complies with the requirements of this program.

Privacy Officer

Our senior executives have delegated the management of the personal information protection program to the Privacy Officer. Their duties consist of managing and monitoring Mondoux’s internal personal information management program.

It is the Privacy Officer who approves and implements personal information protection policies and procedures, ensures their proper functioning, and reports to Mondoux’s senior management on the effectiveness of the program.

How to contact the Privacy Officer?

The Privacy Officer is there to provide you with the necessary support in case of questions, complaints, or requests related to the protection of personal information:

• By mail:

Privacy Officer

CONFISERIE MONDOUX INC.
1610, Place de Lierre,
Laval (Québec) H7G 4X7

• By email:

Privacy Officer

privacy@mondoux.ca

We commit to responding promptly to your requests within 30 days.

Upon receipt of a complaint, the Privacy Officer will conduct an investigation. If the complaint is justified, the situation will be corrected. Regardless of our conclusion, we will keep you informed.

3. HOW DO WE COLLECT YOUR PERSONAL INFORMATION?

Mondoux must collect and process some of your personal information so that you can use our Websites.

When we collect your personal information, we ensure to collect only the information necessary to achieve one of our disclosed objectives, for example, in this Policy. We use personal information in accordance with privacy protection laws applicable to our activities.

Here is a description of the basis for the collection and processing of your personal information by Mondoux:

With your consent

As required by the privacy protection laws applicable to it, Mondoux collects most of your personal information on the basis of your voluntary consent, favoring direct collection from you.

Mondoux commits to obtaining your explicit consent for the collection of any sensitive personal information.

Other legal basis allowed, such as the performance of our contracts

As permitted by the privacy protection laws applicable to it, Mondoux may collect personal information without your explicit consent, for example, to comply with the obligations of applicable laws or to perform our contracts.

4. WHAT PERSONAL INFORMATION DO WE COLLECT?

Depending on the nature of your activity on the Websites, we may collect your personal information, including:

• Your contact details: your name and surname, your email address, your postal address, or your phone number, for identification and correspondence purposes.
• Information related to the creation of your account: your contact details such as your name and surname, your email address, and other information, like your communication preferences.

1. Demographic information: your gender, your age, and your date of birth.

• Information related to your transactions: your contact details such as your name and surname, your email address, your postal address, your phone number, and your credit card information (card number, expiration date, security code).
• Your feedback or responses to surveys, if applicable.
• Information related to the use of the Websites: for example, the date and time of visits, geolocation data (with your consent), duration of presence on the Websites, pages clicked, and IP address of connection.
• Information related to the use of your mobile devices: for example, the type of mobile device, the unique identifier, the IP address, the operating system, and the physical location of the device (geolocation, beacon location) as well as mobile identifiers such as Apple’s IDFA or Google Android’s AAID identifiers, if applicable.
• Information related to a job application: for example, your contact details such as your name and surname, your email address, your postal address, your phone number, information contained in your resume such as your professional experiences, skills, and other information.
• Any other personal information that you have voluntarily provided to us.

Personal information of minors

Given the importance of protecting children’s privacy, we do not target the Websites to a minor audience.

In cases where Mondoux might collect personal information from minors, we will require the explicit consent of the holder of parental authority, the guardian, or the minor aged 14 and over, as applicable.

If a parent or guardian discovers that their minor child has provided us with personal information without us having obtained the appropriate consent, this parent or guardian has the right, upon request, to view the personal information provided by the child and/or to require that it be deleted from our records. In this case, we ask the parent or guardian of the child to contact us at the contact details indicated in the section “Privacy Officer”.

5. WHY DO WE COLLECT YOUR PERSONAL INFORMATION?

We only collect personal information that we believe is necessary for the following purposes:

• To allow you to use the Websites, provide you with the requested services, maintain, update, and improve them;
• To respond to your questions, queries, comments, or complaints;
• To fulfill our business objectives, such as developing new products and services, improving or modifying our products and services, and hiring staff to meet these objectives;
• For data analysis purposes including identifying usage trends, and determining the effectiveness of our promotional campaigns and business activities;
• To send you administrative information, for example, information regarding our services and changes to our terms, conditions, and policies;
• To send you marketing communications that we believe may interest you, such as newsletters, unique promotional emails, direct mail, business contacts, or newsletters;
• For audit purposes, monitoring, and fraud prevention;
• To comply with any applicable law or regulation, or to act under those, including but not limited to:
• responding to requests from public and government authorities, including public and government authorities outside your country of residence;
• to protect our operations and legitimate interests or those of our subsidiaries;
• to enable us to pursue available remedies or limit the damages that we may sustain, etc.
• To facilitate and improve the use of our Websites, as long as the collected information is used proportionally to this end;
• For any other purpose to which you have consented.

If we wish to use your personal information to achieve a goal not mentioned above and for which you have not consented, we will ensure to ask for appropriate consent or inform you of the change, where permitted by law.

6. HOW DO WE DISCLOSE OR SHARE YOUR PERSONAL INFORMATION?

Your personal information will not be sold to third parties.

We share your personal information with third parties for (i) achieving our objectives, (ii) responding to requirements or requests made under applicable laws, (iii) fulfilling tasks entrusted to us by contract by our clients.

Most of the time, you have already consented to such sharing. Sometimes, applicable laws also allow us to share your personal information with third parties without your consent, in specific cases.

More specifically, we may need to share your personal information, sometimes without your consent:

• With our employees. As part of their work, our employees and officers may need to access your personal information, for example, when you contact us. Their access is limited to what is necessary to perform their tasks.
• With our service providers. Our business partners sometimes need to access or receive certain personal information to perform their services (payment provider, cloud data hosting, maintenance, analysis, fraud detection, and development). In such a case, we implement reasonable contractual and technical protection measures, including Privacy Impact Assessments, to ensure that these third parties keep strictly confidential all personal information they process.

The personal information we collect is stored on secure servers with restricted access, generally based in Canada, either on our own servers or on those of third-party service providers.

Please note that third parties may be located elsewhere than in your country, province, or territory of residence, for example, Google Analytics and Shopify, which process data in the United States. Be aware that we have contractual agreements with these third parties and providers to ensure that your personal information is processed in accordance with the laws applicable to us. Where applicable, we proceed with Privacy Impact Assessments before a transfer of personal information to another jurisdiction, for example, outside of Quebec.

• With authorities or persons authorized by law. We may share your personal information if the law requires it or if we believe in good faith that such action is necessary to:
• Comply with the law;
• Comply with the order of a competent judicial authority in any jurisdiction;
• Comply with a legal process;
• Protect and defend the rights or property of Mondoux;
• Enforce or verify your compliance with any part of the contracts you have entered into with us, if applicable;
• Prevent fraud or any other illegal activity perpetrated through the service; or
• Act in urgent circumstances to protect the personal safety of users of our services or the public in general.
• With potential buyers of our business. We may need to share your personal information without your consent in the event of a merger, acquisition, or sale, of all or part of the business, for example, as part of due diligence. In such a case, we limit sharing to what is necessary to assess the feasibility or opportunity of the transaction.

7. DURATION OF RETENTION OF COLLECTED PERSONAL INFORMATION

Mondoux will retain your personal information only for the duration required to achieve the purposes for which they were collected, in accordance with our internal document retention policies and to comply with applicable legal, tax, or regulatory requirements. The retention periods for each personal information may therefore vary depending on its use. After such a period, any concerned personal information held by Mondoux will be destroyed, deleted, or anonymized.

You may also request the deletion of your account by sending an email request.

8. WHAT SECURITY MEASURES PROTECT YOUR PERSONAL INFORMATION?

The security of your personal information is a priority for us.

Your personal information is hosted by our service providers who commit to us to use reasonable security measures to preserve the integrity and confidentiality of your personal information.

Our employees and providers are informed of the confidential nature of the personal information collected and are sensitized to appropriate security measures to prevent unauthorized access to personal information.

We maintain our service and all associated data with technical, administrative, and physical protection measures to protect you against loss, unauthorized access, destruction, misuse, modification, and inappropriate disclosure of your personal information. These protection measures vary according to the sensitivity of the data in our possession and are inspired by the best industry standards. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure.

If you have questions about the security of your interaction with us (if, for example, you feel that the security of any account you may have with us has been compromised), you can contact us at privacy@mondoux.ca.

9. WHAT ARE YOUR RIGHTS?

Depending on applicable laws, where you reside, and how you interact with the Websites, certain rights may be granted to you regarding the personal information we hold about you.

For example, you might have the right:

• To obtain access to the personal information we hold about you;
• To correct the personal information we hold that is inaccurate, ambiguous, or incomplete;
• To obtain additional information, for example, about the categories of third parties to whom we communicate your personal information;
• To request the portability of your personal information in a structured, commonly used, and machine-readable format;
• To withdraw your consent at any time if we have collected and processed your personal information with your consent. The withdrawal of your consent will not affect the lawfulness of processing we conducted prior to your withdrawal, nor will it affect the processing of your personal information conducted on the basis of legitimate processing grounds other than consent.
• To refuse promotional communications sent by Mondoux;
• To file a complaint with a personal information protection authority, for example, with a privacy commissioner or the Access to Information Commission.

Filing a complaint

You can file a complaint with Mondoux’s Privacy Officer if you are not satisfied with our management of your personal information or compliance with this Policy.

You are also allowed by law to file a complaint with a privacy commissioner or any other competent personal information protection authority.

Exercising your rights

You can review, correct, update, modify, or delete the personal information you have provided to us using your account. Simply log in to your account and make the changes.

You can also exercise your rights listed above by making a written request to our Privacy Officer. They can assist you in your efforts if you need help.

For your protection, we will only process requests to exercise rights coming from the same email address that you use to log in to your account. We may also need to verify your identity before processing your request. Depending on applicable laws, we will inform you of the procedure to follow, the processing time, and the required information, if applicable. We try to respond to requests quickly, usually within 30 days.

In the context of the processing activities covered by this Policy, Mondoux does not make decisions based solely on automated processing that produces legal effects or similarly significant effects.

10. WHAT ARE YOUR CHOICES REGARDING THE USE AND DISCLOSURE OF YOUR PERSONAL INFORMATION?

The information you provide may be used by Mondoux for marketing purposes, including, but not limited to, unique promotional emails, direct mail, and business contacts. We offer you several choices regarding our use and disclosure of your personal information for marketing, location data, Cookies, or online advertising. You can disable:

• Our electronic communications for marketing purposes: You can refuse to receive these emails by sending a request to be removed from the list to privacy@mondoux.ca. You can unsubscribe from our electronic mailing lists at any time. If you request it, we will not use your contact details for marketing purposes thereafter.
• Certain location data: You can disable the use of certain location data on your device.
• Non-essential cookies: You can disable these Cookies according to the procedure mentioned in the section “COOKIES AND SIMILAR TOOLS“.

11. COOKIES AND SIMILAR TOOLS

A cookie is a small text file that is stored in a dedicated location on your computer, mobile device, tablet, or any other device when you use your browser to visit an online service. This Policy includes in the term “Cookie” other tracking technologies, including web beacons and tracking pixels. These tracking technologies are not necessarily stored on your computer or device. All personal information we collect using Cookies or on our behalf is treated with the same level of confidentiality as all other personal information we hold.

Essential Cookies

These Cookies are necessary for the operation of the Websites and provide basic functions and may include maintaining your session and preventing security threats. We cannot disable these Cookies in our systems without affecting the operation of the Websites. However, if you wish, you can block or delete them by changing your browser settings and forcing the blocking of all Cookies on the Websites.

Non-essential Cookies

Non-essential Cookies provide certain non-essential functionalities on our Websites, for functional, analytical, or advertising purposes. We will ask for your consent before using these Cookies.

• Functional Cookies: We use these Cookies to facilitate non-essential functionalities of our Websites, such as integrating content such as videos or sharing content from the Websites on social media.
• Advertising Cookies: Our Websites display advertisements. These Cookies help us track the effectiveness of our advertising campaigns and customize our advertisements so that they are meaningful to you.
• Analytical Cookies: These Cookies store information such as the number of visitors to our Websites or the pages they visited. They help us understand and analyze the performance of our Websites and potential improvements.

How to manage Cookies

You can manage and disable Cookies through your browser’s Cookie settings and your mobile device’s advertising settings. However, if you refuse Cookies, you might not use all the features of the Websites, and you will continue to receive advertising, but it will no longer be as tailored to your needs.

Analytics tools

If you consent, Mondoux uses analytics tools to analyze your browsing behaviors on our Websites. In addition, we use the Google Analytics tool offered by Google LLC (“Google“), to collect information on how you navigate our Websites. You can obtain more information about Google Analytics here.

Targeted advertising

Mondoux also collaborates with third-party advertising companies, such as Facebook Ads, which collect and use information about your visits to our Websites to present you with advertising that may interest you. Mondoux does not communicate any information allowing advertising companies to identify you. Mondoux also uses Facebook’s custom audience function to target advertising related to the interests of its current and potential customers. We invite you to check your Facebook privacy settings if you wish to manage your advertising settings. You can obtain more information here.

Social media features

Our Websites include social media features such as LinkedIn, Facebook, or Twitter sharing buttons, or interactive mini-programs that run on our Websites. If you use these features, they collect your IP address, the page you are visiting on our Websites, and create a Cookie to enable these features to function properly. These features may be hosted by a third party or directly on our Websites.

12. CHANGES TO THE POLICY

We review the Policy from time to time to comply with applicable laws and respect our operations. If we significantly update this Policy, we will notify you by sending a notice either on our Websites or by email. However, in any other circumstance, the publication of a new version of the Policy on our Websites or your continued use of the Websites will suffice in terms of notice and consent to the changes to the Policy.

13. TECHNICAL SUPPORT

For any questions related to a technical problem of the Websites regarding your access or use of its functionalities, we invite you to contact us at the following address: support@mondoux.ca