Privacy policy - Terms & Conditions

Privacy Policy for - September 2023

We are committed to protecting the privacy of our employees, supplier-collaborators, and customers, and ensuring the confidentiality of personal information entrusted to us in the course of our activities.

Our privacy policy outlines our standards for the collection, use, disclosure, and retention of your personal information. It also explains how we protect your personal information and your right to access it.


Personal information is any information about an individual that allows for their identification, such as their professional contact details, including job title, address, phone number, and professional email address.

Personal information must be protected regardless of its format and whether it is in written, graphic, audio, visual, electronic, or any other form.


The collection of personal information about you enables us to provide you with high-quality service when you make a purchase with us (Name, email address, phone number, and home address).

The purposes for which we collect your personal information are simply to identify you for your purchase transaction.


When we obtain information about you, we first ask for your consent to collect, use, or disclose your information for the stated purposes. We will seek your consent for any other use, disclosure, or collection of your personal information or if the purposes for which your information was collected change. However, your information will only be used for purposes related to processing your order properly.

In general, we will ask you for express written consent for the collection, use, or disclosure of your personal information. (When you proceed with your order, you give us consent.) In some circumstances, we may ask for your consent verbally. Sometimes, based on your actions or inaction, we may presume you have given us implied consent.

Consent may be given by you or by your authorized representatives, such as a legal guardian or an individual with a power of attorney.

You can withdraw your consent at any time. We will inform you of the consequences of any withdrawal, including the possibility that a request cannot be fulfilled. If you choose to withdraw your consent, your decision will be recorded in our records, and you must inform us in writing.

In certain exceptional circumstances, we may collect, use, or disclose personal information without your knowledge or consent. Such circumstances are met when, for legal, medical, or security reasons, it is impossible or unlikely to obtain your consent or when the information is required to conduct an investigation, prevent or detect fraud, or enforce the law.


We only collect personal information that we need from an authorized third party to disclose it. We cannot use your personal information for any purposes other than those for which you have consented or disclose it to a third party without your consent.

However, we may collect, use, or disclose personal information without your consent when permitted or required by law.

We limit the collection, use, and disclosure of your personal information to the purposes we have specified. Your personal information may only be accessed by certain authorized individuals for tasks assigned to them within our company.

We will occasionally communicate your personal information to certain suppliers to ensure the proper administration of our products or to provide you with the services you have requested. We are required to ensure that our service providers comply with the applicable privacy laws and that they provide a level of protection comparable to ours.

You have the right to know, upon request, to whom your personal information has been communicated. Exceptionally and in accordance with the law, we may refuse to disclose this information. We keep precise records of who your personal information has been disclosed to and the circumstances that led to the disclosure.


With your consent, we may also disclose your personal information to certain suppliers to accommodate your requests, better meet your needs, and offer the best possible services. If you do not wish to take advantage of this opportunity, you may choose not to consent.

We do not sell your personal information to third parties.


We make every effort to ensure that your personal information is accurate and complete, and that it is used for the purposes for which it was collected, used, or disclosed. (We only collect the following information: Name, address, phone number, and email address.)


We retain your personal information for as long as necessary for the purposes for which it was collected. We must destroy this information in accordance with the law and our record retention policy. When we destroy your personal information, we take the necessary steps to ensure its confidentiality and to prevent unauthorized access during the destruction process.


We are responsible for the personal information we have in our possession or that is under our control, including information entrusted to third parties for processing. We require these third parties to maintain strict privacy and security standards.

We adhere to the principles set out in the law and the rules we have put in place to protect your privacy. Our Privacy Officer oversees this privacy policy and the related processes and procedures for protecting this information.

Our staff is informed and adequately trained on our privacy policies and practices.


We have established and continue to develop stringent security measures to ensure that your personal information remains strictly confidential and is protected from unauthorized access, disclosure, alteration, or destruction. These security measures include organizational measures such as the use of security declarations and access restriction to what is necessary; physical measures and technological measures such as the use of passwords and encryption (e.g., changing passwords frequently and

using firewalls for our software).


You have the right to know if we hold personal information about you and to access that personal information. You also have the right to ask how this information was collected and used and to whom it was disclosed.

We will provide you with this information within a reasonable time from the date of receipt of the written request. Reasonable fees may also be required to process your request.

In certain exceptional circumstances, we may refuse to provide you with the requested information. Exceptions to your right of access include situations where the information requested pertains to other individuals, where the information cannot be disclosed for legal, security, or copyright reasons, where the information was obtained in an investigation into a potential breach of contract or fraud, where the information can only be obtained at prohibitive costs, or where the information is subject to dispute or is privileged.

You can verify the accuracy and completeness of your personal information and, if necessary, request a modification. Any request for modification will be processed within a reasonable time.

Requests for access to personal information or modifications to personal information can be sent to the address below:

Mélissa Lagacé
Privacy Officer
791, Ste-Marie Street, Chambly, J3L 2V9



Our team can address your questions and concerns regarding the protection of your personal information. If the response is unsatisfactory, you can contact the Privacy Officer at the above address.

Any complaints regarding the protection of personal information must be directed to the Privacy Officer at the address provided above.


This policy must be reviewed every three years. It should also be updated with any substantial changes to legislation or regulatory requirements.

This Privacy Policy of outlines the collection of certain personal data from its users.

The document may be printed for consultation purposes using the print command in any browser's settings.



Registration and authentication
Facebook Authentication
Personal data: Various types of data indicated in the service's privacy policy; Trackers

Gmail access authorizations to User Data (OAuth addition)
Personal data: Basic settings management

Google OAuth
Personal data: Various types of data indicated in the service's privacy policy

Owner and Data Controller
FLIXBOOK.CA - 791 Ste-Marie Street, Chambly, Quebec, J3L2V9, Canada

Owner's contact email:

FLIXBOOK.CA - 791 Ste-Marie Street, Chambly, Quebec, J3L2V9, Canada

Owner's contact email:

Among the types of personal data that collects directly or through third parties: Trackers; Basic settings management.

Full details on each type of personal data collected are provided in the sections dedicated to this privacy policy or through specific explanatory texts published before the collection of data. Personal data can be freely provided by the User, or, in the case of Usage Data, collected automatically when using Unless otherwise specified, all data requested by is mandatory, and their absence may make it impossible for to provide its services. If specifies that certain data is not mandatory, Users are free not to communicate this data without affecting the availability or operation of the service. Users with doubts about mandatory personal data are encouraged to contact the Owner. Any use of Cookies – or other tracking tools – by or by third-party service owners used by is intended to provide the User with the requested service, in addition to other purposes described in this document and in the Cookie Policy, if available. Users are responsible for any personal data of third parties obtained, published, or communicated through and confirm that they have the third party's consent to provide the Data to the Owner.

Processing methods
The Owner takes appropriate security measures to prevent unauthorized access, disclosure, alteration, or destruction of Data. Data processing is carried out using computers or IT-enabled tools, following procedures and organizational methods strictly related to the stated purposes. In addition to the Owner, Data may be accessible to certain categories of persons in charge, involved with the operation of (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by the Owner. The updated list of these parties can be requested from the Owner at any time.

Legal basis for processing
The Owner may process Users' Personal Data if one of the following conditions applies:

Users have given their consent for one or more specific purposes.


This privacy policy concerns and is effective as of its last update on November 22, 2022.

**User Data and Transfer**

User Data will only be transferred if necessary to provide or improve the functions present on the interface for the end User, and only as necessary to comply with the Applicable Law or as part of a merger, acquisition, or asset sale with prior notice to Users.

Data will not be human-readable unless:

- The Owner has obtained the User's affirmative consent for specific messages.
- It is necessary for security reasons and/or to comply with applicable law.
- The use is restricted to internal operations and the Data (including derivations) has been aggregated and anonymized.

**Personal Data Processed: Basic Settings Management.**

**Location of Processing: United States – Privacy Policy.**

**Google OAuth (Google LLC)**
Google OAuth is an authentication and registration service provided by Google LLC connected to the Google network.

**Personal Data Processed:** Various types of data indicated in the service's privacy policy.

**Location of Processing:** United States – Privacy Policy.


Users can exercise certain rights regarding their Data processed by the Owner.

In particular, Users have the right to:

- Withdraw their consent at any time.
- Object to the processing of their Data.
- Access their Data.
- Verify and obtain a correction.
- Limit the processing of their Data.
- Have their personal Data deleted.
- Retrieve their Data and transfer it to another Data Controller.
- File a complaint with the competent data protection authority.

**Opposition to Processing Right Information**

When personal Data is processed in the public interest, for the exercise of official authority vested in the Owner or for the legitimate interests pursued by the Owner, Users may object to this processing by providing a reason related to their particular situation justifying this opposition.

However, Users should know that if their personal Data is processed for direct marketing purposes, they can oppose this processing at any time without any justification. To know if the Owner processes personal Data for direct marketing purposes, Users can refer to the relevant sections of this document.

**Exercising these rights**

Any request to exercise the User's rights can be addressed to the Owner using the contact details provided in this document. These requests can be exercised free of charge and will be processed by the Owner as soon as possible, and always within one month.


This document informs Users of the technologies allowing to achieve the purposes described below. These technologies allow the Owner to access and store information (using a Cookie, for example) or use resources (by running a script, for example) on a User's device when interacting with

For simplicity, all these technologies are defined as "Trackers" in this document unless there is a reason to differentiate them. For example, although Cookies can be used in both web and mobile browsers, it would be inaccurate to speak of Cookies in the context of mobile applications as they are browser-based Trackers. Therefore, in this document, the term "Cookies" is used only when specifically intended to indicate this specific type of Tracker.

Some of the purposes for which Trackers are used may require User consent. When consent is given, it can be freely withdrawn at any time by following the instructions provided in this document. uses Trackers managed directly by the Owner (so-called "first-party" Trackers) and Trackers that enable services provided by a third party (so-called "third-party" Trackers). Unless otherwise specified in this document, third-party providers may access Trackers managed by themselves.

In addition to what is specified in the descriptions of each of the categories below, Users can find more precise and updated information regarding the description of the lifespan and any other useful information – such as the presence of other Trackers – in the respective third-party service providers' privacy policies linked or by contacting the Owner.

**Consequences of Refusal of Consent**

Users are free to give or not give their consent. However, it should be noted that Trackers allow to provide Users with a better experience and advanced features (in accordance with the purposes described in this document). Therefore, without the User's consent, the Owner may not be able to provide related functionalities.

**Owner and Data Controller**

FLIXBOOK.CA - 791 rue Sainte-Marie, Chambly, Quebec, J3L2V9, Canada

Owner's contact email:

Given that the use of Trackers by cannot be entirely controlled by the Owner, any specific reference to third-party Trackers has only indicative value. For complete information, Users are encouraged to check the privacy policies of the respective third-party services indicated in this document.

Due to the objective complexity of tracking technologies, Users are encouraged to contact the Owner if they wish to receive further information on the use of these technologies by

**Definitions and Legal References**

Personal Data (or Data): Any information that, directly, indirectly, or in connection with other information – including a personal identification number – allows the identification or identifiability of a natural person.

Usage Data: Information collected automatically by (or by third-party services employed by, which may include the IP addresses or domain names of the computers used by Users who use, the URI addresses (Uniform Resource Identifier or uniform resource identifier), the time of the request, the method used to submit the request to the server, the size of the file received in response, the numeric code indicating the status of the server's response (successful result, error, etc.), the country of origin, the characteristics of the browser and the operating system used by the User, the various time details per visit (e.g., time spent on each page within the Application), and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters concerning the operating system or the User's IT environment.

User: The individual using who, unless otherwise specified, corresponds to the Data Subject.

Data Subject: The natural person to whom the Personal Data refers.

Data Processor (or Data Supervisor): The natural or legal person, public authority, agency, or other body that processes Personal Data on behalf of the Data Controller, as described in this privacy policy.

Data Controller (or Owner): The natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use of Unless otherwise specified, the Data Controller is the Owner of (or this Application): The means by which the User's Personal Data is collected and processed.

Service: The service provided by as described in the related terms and conditions (if any) and on this site/application.

European Union (or EU): Unless otherwise specified, any references made in this document to the European Union include all current member states of the European Union and the European Economic Area.

Cookie: Cookies are Trackers consisting of small sets of data stored in the User's browser.

Trackers: A Tracker indicates any technology – for example, Cookies, unique identifiers, web beacons, embedded scripts, e-tags, and fingerprints –

that enables the tracking of Users, for example by accessing or storing information on the User's device.

Legal information

This privacy statement has been prepared based on provisions of multiple legislations, including Art. 13/14 of Regulation (EU) 2016/679 (General Data Protection Regulation).

This privacy policy relates solely to, if not stated otherwise within this document.