As a cybersecurity consulting firm, we collect, use and disclose information on a daily basis in order to render our services. Confidentiality is important to us, and we use all information, especially personal information, in accordance with generally accepted industry standards and best practices.
- Who we are and what we do?
Bradley & Rollins inc. and its affiliated entities, including Bradley & Rollins France (“BR”, “we”, “us” or “our”) is an international consulting firm specializing in cybersecurity. Unless we notify you otherwise, BR is the “data controller” of your personal information, i.e. the organization who alone or jointly determines the purposes for which, and the manner in which, any personal information is, or is likely to be, processed.
- What personal information do we collect?
We may collect and process different types of personal information in the course of operating our business and providing our services. These include:
- Contact information such as name, physical address, email address and telephone number;
- Biographical information such as job title, employer, photograph and video or audio content;
- Marketing, communication preferences and related information;
- Billing and financial information such as billing address, bank account and payment information;
- Services information such as details of services that we have rendered to you;
- Recruitment information such as your curriculum vitae, your education and employment history, details of professional memberships and other information relevant to potential recruitment or association to or with BR;
- Website usage and other technical information such as details of visits to our websites or information collected through cookies, your interaction with our online advertising and content and other tracking technologies;
- Information provided to us by or on behalf of our clients or generated by us in the course of providing our services, which may, where relevant, include sensitive categories of personal information (such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, health or sexual orientation, etc.);
- Identification and other background verification data such as a copy of driver’s licence, passports or utility bills or evidence of beneficial ownership or the source of funds to comply with anti-money laundering laws and collected as part of our client acceptance and ongoing monitoring procedures;
- Any other personal information provided. Please note that if you provide personal information to us about other people (such as your customers, directors, officers, shareholders or beneficial owners), you must ensure that you have given those individuals an appropriate notice that you are providing their information to us and have obtained their consent to that disclosure;
- Where applicable, Records of consent given to us (date, time, means of consent), in circumstances where such consent is need for the processing of personal information; and
- In accordance with the applicable law and/or for a legitimate purpose.
We do not knowingly collect information from children or other persons who are under 16 years old. If you are a minor under 16 years old, please do not provide us with any personal information without the express consent of a parent or guardian. If you are a parent or guardian and you know that your children have provided us with personal information, please contact us. If we learn that we have collected personal information from minor children without verification of parental consent, we will take steps to remove that information from our servers.
- How do we collect your personal information?
We collect your personal information from yourself and during interactions with you:
- During the course of providing consulting services to you;
- When you register for seminars, training, newsletters;
- When you request or register for content, a demo or any other material provided on our website.
We also collect information publicly available notably in public platforms, including our website.
- How do we use personal information?
We may use personal information in the following ways, either with your consent or, where applicable, in accordance with applicable law, such as:
- To provide our cybersecurity and other services and to conduct our business, to administer and perform our services, including to carry out our obligations arising from any agreements entered into between you and us.
- To respond to enquiries, requests for information or requests for documents from visitors to our websites.
- To facilitate use of our websites and to ensure content is relevant and to ensure that content from our websites is presented in the most effective manner for you and for your device.
- For marketing and business development purposes – to provide details of new or improved services, cybersecurity updates, relevant news and invitations to seminars and events where an individual has chosen to receive these. You may unsubscribe at any time;
- For research and development purposes (including from a security perspective) – analysis in order to better understand our clients’ services and marketing requirements and to better understand our business and develop our services and offerings. You may unsubscribe at any time;
- For recruitment purposes – to enable us to process applications for employment and to assess your suitability for any position for which an individual may apply at BR.
- To fulfil our legal, regulatory, or risk management obligations – to comply with our legal obligations (performing client due diligence/“know your client”, anti-bribery, sanctions or reputational risk screening, identifying conflicts of interests).
- To fight against fraud and/or other relevant background checks, notably as may be required by applicable law and regulation and/or best practice at any given time (if false or inaccurate information is provided and fraud is identified or suspected, details may be passed to fraud prevention agencies and may be recorded by us or by them). Where we process sensitive categories of personal information we may also rely on substantial public interest (prevention or detection of crime) or legal claims;
- To enforce our legal rights, to comply with our legal or regulatory reporting obligations and/or to protect the rights of third parties.
- To ensure that we are paid – to recover any payments due to us and where necessary to enforce such recovery through the engagement of debt collection agencies or taking other legal action (including the commencement and carrying out of legal and court proceedings).
- With whom do we share personal information?
BR is a global cybersecurity firm and as such, any personal information that we collect may be shared with and processed by any BR entity within our network. We may also share personal information with certain third parties such as:
- Third-party service providers and/or partners who provide website, application development, hosting, maintenance, and other services to us. These third parties may have access to, or process personal information as part of providing those services for us. We limit the information provided to these service providers to that which is reasonably necessary for them to perform their functions, and our contracts with them require them to maintain the confidentiality of such information;
- Law enforcement and governmental entities when required by law. For greater clarity, we may disclose personal information or other information if required to do so by law or in the good faith belief that such action is necessary to comply with applicable laws, in response to a court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental agencies;
- An acquirer, successor or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets; and
- We will only use personal information to fulfil the primary purpose and applicable legitimate purpose it was collected for, or for a purpose compatible with that primary purpose.
- How long do we keep personal information?
We will only keep personal information for as long as reasonably necessary to fulfil the relevant purposes set out in this Policy Privacy and in order to comply with our legal and regulatory obligations. If you would like further information regarding the periods for which personal information will be kept, please contact us as set forth in the “How to contact us?” section.
- Where do we store personal information?
As a global cybersecurity consulting firm, personal information may be stored and processed in any country where we have facilities or in which we engage third party service providers (i.e. Canada, United States and France). You consent to the transfer of information to countries outside your country of residence, which may have different data protection rules than in your country of residence. While such information is outside of your country of residence, it is subject to the laws of the country in which it is held, and may be subject to disclosure to the governments, courts or law enforcement or regulatory agencies of such other country, pursuant to the laws of such country.
- How do we protect personal information?
We follow generally accepted industry standards to protect the information submitted to us, both during transmission and once we receive it. We maintain appropriate physical, technical and administrative safeguards to protect personal information against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing of the personal information in our possession. We have taken steps to ensure that the only personnel, under a duty of confidentiality, who are granted access to your personal information are those with a business ‘need-to-know’ or whose duties reasonably require such information.
However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. We cannot ensure or warrant the security of any information you transmit or provide to us, and you do so at your own risk. We also cannot guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or administrative safeguards. If you believe personal information has been compromised, please contact us as set forth in the “How to contact us?” section.
- What rights does someone have in relation to its personal information?
Under certain circumstances and in accordance with applicable data protection laws, an individual has the following rights:
- Access: entitled to ask if we are processing information and, if we are, request access to personal information. Subject to applicable law and, where applicable, payment of a possible fee, this enables the individual to receive a copy of the personal information we hold and certain other information about him or her or it;
- Accuracy: we are required to take reasonable steps to ensure that the personal information in our possession is accurate, complete, not misleading and up to date; and
- Correction: entitled to request that any incomplete or inaccurate personal information we hold be corrected.
Under the GDPR, you may be entitled to the following additional rights:
- Erasure: entitled to ask us to delete, destroy or remove personal information in certain circumstances. There are certain exceptions where we may refuse a request for erasure or destruction, for example, where the personal information is required for compliance with law or in connection with claims or required by contract between the parties;
- Restriction: entitled to ask us to suspend the processing of certain personal information, for example to establish its accuracy or the reason for processing it;
- Transfer: request the transfer of certain personal information to another party;
- Objection: one may challenge when we are processing personal information based on a legitimate interest (or those of a third party) or for certain direct marketing purposes. However, we may be entitled to continue processing information;
- Automated decisions: contest any automated decision made where this has a legal or similar significant effect and ask for it to be reconsidered; and
- Consent: where we are processing personal information with consent, withdrawal of consent in the circumstances permitted by law.
Finally, you have also a right to make a complaint with a data protection supervisory authority, in particular in the country/province/state where you normally reside, where we are based or where an alleged infringement of data protection law has taken place.
To exercise any of these rights, please contact us as set forth in the “How to contact us?” section.
- How to contact us?
Bradley & Rollins inc.
Attn: Privacy Officer
1350 Mazurette Street, Suite 228
Montreal, Quebec, H4N 1H2, Canada