Last update: September 4th 2024

Thank you for visiting the website of Les Studios Moment Factory Inc. (“Moment Factory”). This Privacy Policy applies to the website accessible at the link www.momentfactory.com (the “Website”).

1. WHO WE ARE
For the purposes of this privacy policy (the “Privacy Policy”), any reference to Moment Factory is deemed to include its affiliated entities (including any parent company or subsidiary), as well as their respective employees, officers, administrators, shareholders, agents, subcontractors, and other representatives. When we use the expressions “we”, “us”, or “our” below, we are referring to Moment Factory.

This Privacy Policy describes in which way we may collect, use, communicate, disclose, and otherwise process the personal data shared through the use of the Website. Our Privacy Policy also describes the steps we take to ensure data security, as well as how you can access, modify, or delete the personal data we hold about you. In addition to this Privacy Policy, your visit of the Website is also subject to (i) our Terms & Conditions, available at [note: insert link], and (ii) any other terms or conditions that may be communicated to you from time to time by Moment Factory.

If you do not consent to Moment Factory’s practices regarding the collection, use, communication, disclosure, and processing of personal data as set out in this Privacy Policy, please do not provide us with your personal data and do not use the Website.

Additional privacy laws and practices apply to individuals whose personal data is collected and used in the European Economic Area (“EEA”).

2. WHEN AND HOW WE COLLECT YOUR PERSONAL DATA
We respect your privacy and aim to minimize the collection of data from you. We also aim to be transparent, which is why we detail below the limited circumstances in which we may collect and process your personal data.

2.1 Direct Interactions
We may collect your personal data in the context of the following direct interactions with you:

• When you contact us by using a general e-mail address made available on the Website, (including to ask about the services and products we offer or for the purpose of asking a question, submitting a comment, or making a complaint (customer service));
• When you submit a job application; and
• When you interact with us on social media.

2.2 Automated online technologies or interactions
We may collect certain types of information electronically when you interact with our Website, reach out to us via email or social media accounts, or through the use of our or a third party’s technology, which include cookies, web beacons, single pixel gifs, or analytics engines. This information helps us understand what actions you take when you interact with these technologies and allows them to work properly.

We may combine this information with other information collected online such as your browsing history. We do this to understand how you use our Website and for the purpose of analytics, in order to provide you with more tailored advertising marketing campaigns. This includes serving interest-based advertising to you, subject to your right to withdraw consent. To learn more about the privacy choices available to you, please review Section 9 of this Privacy Policy.

The technologies we use include:

• Cookies, which are small text files that are saved on your computer when you visit a website so that information can be saved between visits, such as your login credentials or language preferences.
• Web beacons, and single pixel gifs, which are small image files that have information about you, such as your IP address, that can be downloaded when you visit a website or open an e-mail. This allows us to understand your online behaviour, monitor our email delivery, and provide you with interest-based advertising. These tools also allow our third-party tracking tools to gather information, such as your IP address, and provide this back to us in an anonymized, aggregate form (i.e., in a manner that prevents us from identifying you personally). Aggregate information refers to personal data compiled and expressed in a summary form where no personal identifiers are included.
• Web analytics tools such as Google Analytics, which uses cookies to analyze your use of our Website, to create reports about visitor and user activities for us and to provide further services associated with the use of our Website.
• Analytics engines, which pull Usage data from multiple sources and help manage and collect this data to use for personalization, interest-based advertising, customizing content and other methods to gain insights into the needs and preferences of visitors to our Website.
• With respect to our mobile applications, we use Identifier for Advertising for iOS and Google Advertising ID for Android.
• Tools that help protect against inappropriate uses, such as Google Invisible reCAPTCHA, which collects hardware and software information, such as device and application data and the results of integrity checks, as well as unique online identifications such as IP address, and sends that data to Google for analysis.

You may delete or disable certain of these technologies at any time via your browser. However, if you do so, you may not be able to use some of the features on our websites. To learn more about the privacy choices available to you, please review Section 9 of this Privacy Policy.

2.3 Third Party Sources
We may obtain information about you from other sources, including from customers, service providers and business partners, and combine such information with other data that we hold about you. More specifically, we may obtain some of your personal information from third parties in the following circumstances:

• you submit your application for a job through a technological platform operated by a third party (i.e., the Lever platform).

We may also call on third parties, such as Google, to:

• Perform remarketing, which consists of advertising on other websites to users who have visited our Website, including through Google Analytics (internet audience analytics solution). In such cases, relevant third parties, including Google, may advertise our content on sites across the Internet;
• Use the following features of Google Analytics: the creation of reports based on the saved impressions of our advertisements (a service that lets you place ads on a variety of news sites, blogs and other niche sites) to attract more potential visitors; integration with any management tool comprising a set of functionalities used for advertising, as well as targeting and monitoring advertising campaigns on websites and mobile devices, and creating related reports, including reports on the Demographic data of internet users and their interests;
• Collect, analyze, and/or gather your personal data (such as internet user’s IP address, gender, age, and interests), as well as create reports on the Demographic data of internet users and their interests, in order to help us understand how visitors interact with our Website and how to improve our Website, our products and our services.

The companies conducting remarketing can combine the use of first-party cookies (such as Google Analytics cookies) and third-party cookies (for example, DoubleClick cookies) to (i) gather personal data; (ii) inform, optimize and advertise based on your previous visits on our Website; and (iii) to determine the relationship between the registered visits on our Website and the advertising impressions, the other uses of advertising services and the interactions with these advertising impressions and services. To measure the effectiveness of our ads, these companies may also use tracer tags or web beacons to account for certain information regarding your visits to our Website and on the websites that contain links to our Websites or advertise it.

3. WHAT PERSONAL DATA WE COLLECT
For the purposes of this Privacy Policy, the term “personal data” means any information about an individual from which that person can be identified. It does not include data from which identity has been removed (anonymous data).

We may collect, use, store, and transfer different kinds of personal data about you which we have grouped together as follows:

• Contact data includes name, surname, email address, title, telephone number, address, postal code, and contact preferences;
• Demographic data includes date of birth or gender;
• All information that may appear in a resume or other documents submitted in connection with a job application;
• Social media data includes information associated with your social media accounts and related profiles, such as name, username, email address, profile picture, date of birth and gender;
• Technical data includes IP (Internet Protocol) address, your login data, clickstream, and other related information, such as the websites you visited immediately before and immediately after visiting our Website, your time zone and location settings, information about your Internet service provider and other technologies on the devices you use to access our Website; and
• Usage data includes the number of visits to our Website, and the date and average time spent on our Website.

We also collect, use, store, and share Aggregated data, such as statistical or Demographic data. Aggregated data could be derived from your personal data but is not considered personal data if it does not directly or indirectly reveal your identity. For example, we may aggregate your Usage data to calculate the percentage of users accessing a specific Website feature. However, if we combine or connect Aggregated data with your personal data so that it can directly or indirectly identify you, we will treat the combined data as personal data and use it in accordance with this Privacy Policy.

We do not collect any sensitive personal data that includes details about racial or ethnic origin, political opinions, religious or philosophical beliefs or union membership, nor any genetic or biometric data for the purpose of uniquely identifying a natural person, nor any data concerning the health, sexual life, or sexual orientation of a natural person.

If you fail to provide personal data: When we need to collect personal data by law, or pursuant to the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform such contract. In this case, we may have to cancel the delivery of a product or the performance of a service that you have requested from us, to the extent that your refusal makes it impossible to perform our obligations. If so, we will notify you in due time.

4. HOW WE USE THE PERSONAL DATA WE COLLECT ABOUT YOU

4.1 General principles
We limit the collection of personal data to what is reasonably required to fulfill the purposes for which it is collected. Most commonly, we will use your personal data in the circumstances described below.

• With your consent: for instance, we will obtain your consent before sending marketing communications to you;
• When we need to perform the contract that we are about to enter into or have entered into with you: for instance, processing your data where it is necessary for the performance of a contract to which you are a party or to take steps on your behalf or at your request before entering into such a contract;
• When it is necessary to manage our business: for instance, to meet our contractual, legal, and regulatory obligations;
• When we conduct market research and data analytics: for instance, by tracking and analyzing your personal data to better understand our customer base and behaviour;
• When we have to comply with a legal obligation: comply with a legal obligation means processing your personal data where it is necessary for compliance with a legal obligation that we are subject to.

4.2 Purposes for which personal data is processed and their retention periods
The personal data that we collect may be compiled or used by all of the entities and persons comprising Moment Factory, as listed above. It may also be communicated internally to allow us to adequately respond to your requests, communicate with you, or assist you for the purposes described in this Privacy Policy.

We have set out below, in a table format, a description of all of the ways we plan to use your personal data, and the legal basis(bases) on which we rely on to do so. We have also identified what our legitimate interests are where appropriate. Note that we may process your personal data for more than one lawful ground, depending on the specific purpose for which we are using your data. Please contact our Privacy Officer if you need details about the specific legal grounds on which we rely to process your personal data where more than one ground has been set out in the table below.

Finally, we have provided in the paragraphs below information related to our standard retention for each type of personal data. How we handle your personal data after this retention period is described below in Section 7 of this Privacy Policy.

Contact with us by using an e-mail address made available on the Website, including about the services and products we offer or for the purpose of asking a question, submitting a comment, or making a complaint (customer service)

• We provide general e-mail addresses on our Website where you can send requests for information or other written communications.
• Consent; Necessary for our legitimate interests (to operate our business and process your written communications as required).
• We will keep this personal data for 2 years, except for the name and surname, which we keep in perpetuity to comply with legal requirements, namely, to provide evidence of consent.

Job application (for example, information included in a resume, a cover letter or other similar documents related to a job application).

• In the context of a job application or any related request for information, we use your personal data to process and respond to your request regarding present and future career prospects.
• Consent; Necessary for our legitimate interests (to operate our business, process your job application or reply to your request for information).
• We will keep this personal data for 2 years following the date it is received, unless you were notified that your application would be kept in our database for future opportunities, in which case this personal data would be kept until you withdraw your consent or remove your application from our systems.

Interaction with us on social media.

• We may offer you the opportunity to consult our content from or through third-party social media websites, plug-ins, and applications. When you consult our content, you can also allow us to have access to certain data associated with your social media accounts (for example your name, username, email address, profile picture and gender) in order to advertise our content or for the purpose of operating our Website, plug-ins and applications. When you provide information about your social media accounts, we may use that information to personalize your visit of the Website and of third-party networking websites, plug-ins and applications. We may also use this information to provide you with certain products or services that you have requested.
• Necessary for our legitimate interests (to study how existing and potential customers use our Website, to improve our marketing strategies, to develop our products and services offerings, to operate and grow our business).
• We will keep this personal data while we continue our operations or until you withdraw your consent.

Website information – Technical Data.

• When you use our Website, Moment Factory may collect certain information about you. We collect the IP (Internet protocol) addresses of all users of our Website as well as data on their browsing patterns, and other information, such as websites visited immediately before and after our Website , the pages requested, the type of browser, the operating system, the Internet service provider you use, the number of times you have visited the Website and the date and average amount of time you spent on the Website. We use this information to administer the Website, monitor and/or enhance our product and service offerings and our Website , determine how the Website is used, understand what parts of the Website are popular and analyze user trends and habits.
• Necessary for our legitimate interests (to operate our business, to provide administrative and technical services and to prevent
  fraud).
• We will keep this personal data while we continue our operations or until you withdraw your consent.

Cookies

• Moment Factory uses cookies. A cookie is a small text that contains a unique identification number which is transferred from the Website to the hard drive of your computer. Cookies are used to distinctly identify users of the Website and to track some of their activities on Website. Cookies are only used for the purpose of improving the quality of the Website, for instance, to know the traffic statistics of the Website and its various functionalities or to provide users with a better browsing experience, for instance, by memorizing their choices during a prior visit. Moment Factory will seek your express consent for the use of cookies that are not strictly necessary for the basic functions of your Website.
• Consent; Necessary for our legitimate interests (to study how existing and potential customers use our Website, to improve our marketing strategies, to develop our products and services offerings, to operate and grow our business).
• We will keep this personal data while we continue our operations or until you withdraw your consent.
  
  

5. HOW WE DISCLOSE YOUR PERSONAL DATA

5.1 Principle
Unless expressly stated in this Privacy Policy, we do not sell, rent, transfer, or disclose your personal data with third parties without your consent for purposes which are not disclosed herein.

5.2 Exceptions
We may share your personal data with third parties in the circumstances described below.

• Third-party providers: We may share all of the categories of personal data identified in Section 3 above with third parties that provide products or services to Moment Factory. These third parties are only permitted to use your personal data for the purpose of delivering such products or services to Moment Factory and are not permitted to use your personal data for their own internal purposes. These third-party providers help us operate our business, technology systems and applications, internal procedures, infrastructure and advertising and marketing. They provide services to us, such as advertisements and analytics services (e.g., tracking effectiveness of our marketing campaigns and analyzing usage of our websites and apps, fulfilling purchases, processing credit card payments, sending emails) [note: add details of other activities performed by third parties, if applicable].
• Judicial purposes: We may disclose your personal data when requested or required for judicial purposes. More precisely, Moment Factory and its third-party providers may disclose your personal data in response to a search warrant or other legally valid inquiry or order, or where necessary to respond to an investigative body in the event of a breach of agreement or a violation of the law, or as otherwise required or permitted by law. We may also disclose personal data where necessary for the establishment, exercise, or defense of legal claims, to prevent actual or suspected loss, to avoid personal injury or property damage.
• Sale, transfer of business or other transactions: We may share your personal data with another entity in the event that we sell part or all of our business or if we sell or transfer assets or are otherwise involved in a similar business transaction. In the event the transaction is completed, your personal data will remain protected by applicable privacy laws. In the event the transaction is not completed, we will require the other party not to use or disclose your personal data in any manner whatsoever and to completely delete such information, in compliance with applicable laws.
• Other permitted reasons: Applicable laws may permit or require the use, sharing, or disclosure of personal data without consent in specific circumstances (e.g., when investigating and preventing suspected or actual illegal activities, including fraud, or to assist government and law enforcement agencies). These circumstances include situations when permitted or required by law or when necessary to protect our group of companies, our employees, our customers, or others. If this happens, we will not share more personal data than is reasonably required to fulfill that particular purpose.

Our Website may contain links to other websites that we do not own or operate. In addition, links to our Website may appear on third party websites on which we advertise. Except as provided in this Privacy Policy, we will not share your personal data with these third parties without your consent. Links to third party websites are provided to the users of our Website for convenience only. These links are not intended to be an endorsement or recommendation of the linked sites. The linked websites may have separate and independent privacy statements, notices, and terms of use, which we recommend you read carefully. We do not have any control over such websites, and therefore we have no responsibility or liability for the manner in which the organizations that operate such linked websites may collect, use, disclose, protect or otherwise process your personal data.

6. TRANSFERS OF PERSONAL DATA TO OTHER COUNTRIES
As Moment Factory is headquartered in Canada, your personal data will be accessible from that location. The personal data that we collect from you may be transferred to, or stored at, a destination outside Canada. We will take steps reasonably necessary to ensure that any personal data transferred outside Canada is treated securely and in accordance with data protection laws applicable in the jurisdiction in which the information is processed or stored. These laws may not provide the same level of protection as privacy laws in Canada or the EEA.

7. HOW WE HANDLE AND PROTECT YOUR PERSONAL DATA INTERNALLY

7.1 How we protect your personal data
We have put in place and use administrative, technical, and physical safeguards to protect the personal data we hold about you against unauthorized access, use, modification, and disclosure. These safeguards also apply when we dispose of or destroy your personal data. We use reasonable safeguards to ensure that our service providers protect your personal data wherever it is used or stored.

7.2 Who has access to your personal data and how it is handled
We give access to your personal data to our employees, contractors, and third-party providers (each a “Representative”) only on a need-to-know basis, to fulfill the specific functions that we have assigned to them. During the retention period of your personal data, our Representatives are required to maintain the confidentiality of your personal data. They also have the responsibility to adhere to the administrative, technical, and physical safeguards that we prescribe in order to protect your personal data. They must otherwise comply with the policies and procedures designated in this Privacy Policy, including with respect to the retention, destruction, and anonymization of your personal data.

7.3 Our policies related to security incidents
We also take special measures to assess the potential risks applicable to the disclosure of your personal data. In the event of a security breach or a confidentiality incident, namely if your personal data is lost, accessed, used, disclosed without your authorization, or becomes accessible to an unauthorized person, we will inform you of such breach if it poses a risk of serious or significant harm. For example, a risk of serious or significant harm includes reputational damage, credit report damage, identity theft, bodily harm, humiliation, loss of professional opportunities or financial loss. If the breach poses a risk of serious or significant harm, we will notify you directly as soon as possible. If we cannot notify you directly, we will notify you of the breach by public communication. We will provide you with the information required to understand the significance of the security breach and take the necessary steps to reduce the risk of harm that may arise from it. We will also report the security breach to the government and any other organization that we believe may reduce the risk of harm that may result from this breach. We keep records of all security breaches or confidentiality incidents. Following a security breach or a confidentiality incident, Moment Factory investigates the causes of the breach or incident and reviews the safeguards in place to prevent a reoccurrence.

7.4 Retention, destruction, and anonymization of personal data
We have procedures in place regarding the retention, destruction and anonymization of personal data which are designed to retain personal data only as long as necessary to fulfill the purposes described in this Privacy Policy or to otherwise comply with the requirements of the law.

Typically, we would keep your personal data for the period detailed in Section 4.2 of this Privacy Policy. However, even after this retention period has lapsed, we will need to keep certain information because, among other reasons, it is required by law. When this information is no longer needed, it is destroyed. As part of the process of destroying information, we follow strict rules and ensure that no unauthorized person gains access to it. Instead of destroying your personal data, we may elect to anonymize it when we have a serious and legitimate purpose for doing so. Such anonymization will be carried out in accordance with generally recognized best practices and any applicable legal requirements.

7.5 Responsibilities of our Privacy Officer
We have appointed a Privacy Officer who is responsible for overseeing questions in relation to this Privacy Policy and who is in charge of the protection of personal data within our organization. If you have questions or comments regarding how we treat your personal data, including any request to exercise your legal rights, or if you wish to request access to, update or correct the personal data we hold about you, please contact our Privacy Officer as indicated below:

• Attention: Janie Giroux, Human Resources Director and Bassem Mustapha, Information Technology Manager
• Phone: (514) 843-8433
• Mailing address: 6250 Av du Parc, Montréal, QC H2V 4H8 Canada
• Email: janieg@momentfactory.com et bassemm@momentfactory.com

Our Privacy Officer is also responsible for handling any privacy complaint that you may have in relation to how our organization processes your personal data. Our Privacy Officer will handle each complaint in the following manner:

• contact the complainant in writing to acknowledge receipt of the complaint;
• investigate the complaint and assess its merits when sufficient information is available to the Privacy Officer; and
• respond to the complaint in writing including details of the organization’s privacy practices related to the complaint.
  
  

8. YOUR LEGAL RIGHTS
In relation to your personal data, you have the rights detailed below:

• Request access to your personal data (commonly known as “data subject access request”): this enables you to receive a copy of the personal data that we hold about you and to check that we are lawfully processing it.
• Request the correction or update of the personal data we hold about you: this enables you to have any incomplete, inaccurate, or outdated data we hold about you corrected or updated. However, we may need to verify the accuracy of the new data you provide to us.
• Request erasure of your personal data: this enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data when you have successfully exercised your right to object to processing (see below), when we may have processed your personal data unlawfully or where we are required to erase your personal data to comply with applicable law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
• Object to the processing of your personal data: where we are relying on a legitimate interest (or those of a third party), and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may be able to demonstrate that we have compelling legitimate grounds to process your data which override your rights and freedoms, and, in such cases, we may decide to continue processing your personal data.
• Request restriction of processing of your personal data: this enables you to ask us to suspend the processing of your personal data in the following scenarios:
  - If you want us to establish the data’s accuracy;
  - When our use of the data is unlawful, but you do not want us to erase it;
  - Where you need us to hold the data even if we no longer need it, as you need it to establish, exercise or defend legal claims; or
  - You have objected to the use of your data, but we need to verify whether we have overriding legitimate grounds to use it.

• Request to transfer your personal data to you or to a third party: we will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated or computerized personal data information which you initially provided consent for us to use or where we used the information to perform a contract with you.
• Withdraw your consent at any time when we are relying on your consent to process your personal data: however, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide you with certain products or services, and this may prevent us from responding to inquiries, providing technical support or otherwise assist you in connection with the use of our products and services. We will notify you if this is the case when you withdraw your consent.

If you wish to exercise any of the rights set out above, please contact our Privacy Officer using the contact information provided in Section 7.5 of this Privacy Policy.

Certain jurisdictions also provide a right for data subjects to request that an organization stop the dissemination of personal data or de-index any hyperlink that provides access to such data. This right does not arise in the context of our relationship with you, as none of your personal data will be made available on our Website.

You will not have to pay any fees to access your personal data (or to exercise any of the other rights set out above).

If you want to exercise any of the above-mentioned rights, we may need to ask you for specific information to help us confirm your identity and ensure your right to access your personal data (or to exercise your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you for further information in relation to your request to speed up our response.

We will respond to all legitimate requests within thirty (30) days.

9. CHANGING YOUR PRIVACY SETTINGS
Withdrawal or modification of consent: As previously indicated, you can write to our Privacy Officer using the contact information found in Section 7.5 above to withdraw or modify your consent to our use and disclosure of your personal data or refuse to participate in certain uses and disclosures, subject to legal or contractual restrictions.

Cookies: You can block the use of cookies by activating the setting for this purpose in your browser. For more information on how to block cookies using the cookie settings provided in your browser, please see our Cookie Policy [note: insert link].

Targeted advertising: You may opt out of personalized advertising from third-party advertisers and advertising networks that are members of the Digital Advertising Alliance of Canada (DAAC) by visiting the DAAC Opt-Out Page.

10. CHANGES TO PRIVACY POLICY
This Privacy Policy is regularly reviewed and may be updated from time to time to reflect changes in applicable laws or our practices regarding personal data. If we decide to change our Privacy Policy, we will post the revised policy on our Website. We will treat your personal data in accordance with the most recent version of the Privacy Policy.

11. HOW TO CONTACT US
For any inquiries related to this Privacy Policy, you can contact our Privacy Officer using the contact information provided in Section 7.5 above.