Privacy Policy and Personal Data Protection

Compliance with Loi 25 (Quebec) and PIPEDA (Canada)

Last updated: December 1, 2025

1.1 Data Controller Identity

Cogniwaves

Eric Ste-Marie

Montréal, Québec, Canada

Email: eric@cogniwaves.com

Website: https://cogniwaves.com

1.2 Data Collected

Via ISO 42001 assessment form:

  • First and last name
  • Professional email address
  • Job title
  • Organization
  • Industry and organization size
  • Questionnaire responses (42 questions on ISO 42001 maturity)
  • Technical data: IP address, browser, referrer, completion time

Via website navigation:

  • Analytics cookies (Google Analytics 4)
  • Navigation data (pages visited, duration)

1.3 Processing Purposes

Data is used for:

  • Generating your ISO 42001 maturity assessment report
  • Contacting you to discuss results and our services
  • Improving our services and website
  • Complying with our legal obligations

Consent: By submitting the form, you explicitly consent to the processing of your personal data for the purposes described above.

1.4 Legal Basis (Loi 25 & PIPEDA)

  • Express consent for collection and processing
  • Legitimate interest for service improvement
  • Contractual obligation for report delivery

1.5 Retention Period

  • Assessment data: 24 months after last contact
  • Analytics cookies: 14 months (Google Analytics)
  • Technical logs: 12 months

Beyond these periods, your data is permanently deleted or anonymized.

1.6 Data Sharing

Your data is never sold to third parties.

Limited sharing with:

  • Google (Sheets, Analytics): Storage and analysis (subject to their privacy policies)
  • Email providers: Report delivery (e.g., Gmail)

All subcontractors are located in Canada or subject to adequate safeguards (standard contractual clauses).

1.7 Your Rights (Loi 25 & PIPEDA)

You have the following rights:

  • Right of access: Obtain a copy of your personal data
  • Right to rectification: Correct inaccurate data
  • Right to erasure: Request deletion of your data
  • Right to portability: Receive your data in structured format
  • Right to object: Refuse processing for marketing purposes
  • Right to withdraw consent: Withdraw your consent at any time

To exercise your rights:

Email: eric@cogniwaves.com

Subject: "Data rights request - Personal data"

Response time: Maximum 30 days

1.8 Data Security

We implement technical and organizational measures to protect your data:

  • HTTPS transmission (SSL/TLS encryption)
  • Input validation and sanitization (XSS protection)
  • Rate limiting (anti-spam protection)
  • Restricted data access (Eric Ste-Marie only)
  • Regular backup (Google Sheets auto-backup)

1.10 International Transfers

Your data is primarily stored in Canada (Google Cloud Montreal region).

Google Analytics may transfer data to the United States. These transfers are governed by Google's standard contractual clauses and the Data Privacy Framework.

1.11 Modifications

This policy may be modified. Any substantial modification will be communicated by email to registered users.

1.12 Contact - Data Protection Officer

Eric Ste-Marie

Email: eric@cogniwaves.com

1.13 Complaint

If you believe your rights are not being respected, you may file a complaint with:

Commission d'accès à l'information du Québec (CAI)

https://www.cai.gouv.qc.ca

Phone: 1-888-528-7741

Commissariat à la protection de la vie privée du Canada

https://www.priv.gc.ca

Phone: 1-800-282-1376

Trusted AI Governance & Data Intelligence

Services

Company

Connect

The information provided on this site is for informational purposes only and does not constitute professional advice. For recommendations specific to your organization, contact us for a formal consultation.

Privacy Policy|Terms of Use|Exercise Your Rights

© 2024-2025 Cogniwaves | Eric Ste-Marie, SABSA Chartered Architect (A3)

We use cookies to analyze our traffic and improve your experience. By clicking "Accept", you consent to our use of cookies for analytics purposes.