Contact
Prendre rendez-vous

Confidentialité et données

Accueil Confidentialité et données

Latest update: August 2022

 

If you prefer to read this Privacy Statement in French, click here to access a substantially  equivalent version, of the same quality. We keep both versions of this document updated.

 

This Privacy Statement clarifies which personal data we, at S&E Cloud Experts inc. (“S&E”), collect, use or disclose from individuals  as part of our commercial activities. It also explains what we do with it, what rights individuals have over their personal data, and how they can exercise them. 


We are resellers of Google’s products and services, such as Google Cloud Platform (“GCP”) or Workspace (the “Google Services”). We can be a distributor or reseller of Google Services, or we can provide Google Services directly as a service provider to our clients, depending on our agreement with Google. 

 

Our clients can be your employer, an organization that provides you with access to the Google Services, or otherwise any entity that processes your personal data as part of their use of the Google Services (our “Clients”). We also provide services that are related to Google Services, such as data migration or account provisioning. In this Privacy Statement, we use the expression “Services” to designate services and products for which we are the service providers for our Clients. 

 

This Privacy Statement only covers our processing of personal data as part of the Services that we provide to our Clients. Even when we are the service provider to our Clients, our processing of personal data depends on how the Google Services are configured, or how they are used by our Clients. Please consult Google’s privacy statements for more information on how Google processes personal data.

 

Our Clients may process your personal data for various reasons that may not be covered in this Privacy Statement. You should consult their privacy statements or policies to find out more about how they process your personal data. 

 

This Privacy Statement  does not apply to how we collect, use or disclose personal data through our website, social media, or as part of digital marketing. Please consult our Website Privacy Policy for more information.

 

If you have any questions on your privacy, or otherwise in connection with this Privacy Statement, you can reach out to our Privacy Officer at privacy@secloud.ca

 

Please click on each question below for more information and to easily navigate this Privacy Statement.

 

  • WHAT PERSONAL DATA DO WE COLLECT?

 

We process your personal data if we need to do so to provide the Google Services to our Clients, or for related Services. Depending on how our Clients use the Google Services, we may collect different types of personal data. For example, when our Clients use Google Workspace for Education, the personal data of preschool to high school students can be collected to provide this service, and as part of our Clients’ regular use of Google Workspace for Education.

 

You can consult Google Workspace for Education Privacy Notice here

 

We don’t have access to our Clients’ content in the cloud services while we perform the Services, including personal data of individuals. We collect personal data for the provisioning of the Google Services, such as to create accounts, for billing our Clients, or otherwise to administer their accounts.  However, the Google Services do collect personal data independently of our involvement, such as location information or online activities. Please review Google’s privacy practices for more information.

 

Personal data means information that can directly or indirectly identify an individual. Most of the personal data that we access as part of the Services that we provide is business contact information. We also collect electronic information that is generated automatically by our Clients’ use of the Google Services to generate usage data for billing purposes, to issue recommendations to Clients, as well as for fraud prevention and security. We can also collect personal data when we are required to do so under the law.

 

  • Cloud payments and transactions : We keep reasonable business records of charges, payments, and billing details as part of our account management services. This requires the processing of business contact information. We do not have access to any minors’ personal data when performing these Services.


  • Cloud settings and configurations: The Google Services record Clients’ (and their users’)configuration and settings, including credentials and attributes. Our Clients are responsible for configuring their security settings, which can result in further processing of personal data. For instance, Google Workspace for Education includes data loss protection tools that are configured by Clients using their own rules and policies : this may result in further processing of personal data, such as email content. 


  • Technical and operational details of Clients’ usage of the Google Services: We collect information about usage, operational status, software errors and crash reports, authentication credentials, quality and performance metrics, and other technical details necessary for us to operate and maintain Cloud Services and related software. This information may include device identifiers, identifiers from cookies and tokens, and IP addresses. 

 

When we are providing our Clients with the Google Services directly as a service provider, we collaborate with Google based on the Data Processing and Security Terms (Partners). This document is our agreement with Google on our processing of personal data.

 

If we are licensing, provisioning or selling the Google Services to our Clients, then Google is the service provider and it processes  personal data as described in the Data Processing and Security Terms (Customer). In this case, we only collect personal data as required to provide our Services, such as account management.

 

  • WHY WE PROCESS YOUR PERSONAL DATA? 

 

We only process personal data to provide our Services to our Clients. 

 

We do not sell your personal data to third parties nor do we use it for marketing purposes. Google Workspace services don’t collect or use information in those services for advertising purposes or to create ads profiles. Specifically, note that Google Workspace for Education does not include any marketing of children’s personal data, nor remarketing cookies. 

 

In Google Workspace, Google will also collect personal data through automated scanning tools, such as virus and spam protection, spell check, relevant search results and features like Priority Inbox and auto-detection of calendar events. This scanning is done entirely by Google, we are not involved, and Google does not scan Workspace emails for advertising purposes.

 

Here’s a more detailed overview of how we can process personal data in the course of providing the Services to our Clients :

 

    • To provide access to cloud services. This includes a number of processing activities that are necessary to provide the cloud services, including processing to bill for services usage, to ensure services are working as intended, to detect and avoid outages or other problems you might experience, and to secure your data and the services you use. Please consult Google’s Privacy Notice for GCP for more information on your processing of personal data through GCP and similar cloud-based products by Google.
    • To provision and manage the Google Services. We may create Google accounts and email addresses to allow our Clients to use the Google Services,, assist our Clients by changing account passwords, process business contact information for invoicing purposes, access activity and usage statistics (these do not allow us to identify you specifically), suspend or terminate account access, or otherwise to help our Clients respond to your request to exercise your rights regarding your personal data.
    • To provide technical support. As part of the Services, we may provide technical support, or coordinate technical support on Clients’ behalf with Google. When doing so, we have access to personal data such as support ticket information and emails relating to the request. We may also access personal data in the course of responding or resolving the technical support request.
    • To provide related Services. Depending on our Clients’ instructions, we may provide other services that require the processing of your personal data, such as by assisting them with their data migration needs.
  • To provide updates to our Clients. We collect business emails from our points of contact to inform them of relevant updates, such as increase in pricing. We can also use this email to invite them to events or share marketing materials, in which case, users can opt-out of receiving these emails at any time.

 

When our Clients use Google Services, Google also processes personal data to provide recommendations on the use of the Google Services (including to improve the security of your personal data) and to improve the performance and functionality of the Google Services by optimizing them for the Client.

 

We may also process your personal data to detect, prevent and respond to fraud, abuse, security risks, and technical issues. For instance, certain security detection tools, such as log monitoring, may result in the processing of personal data. These security functions are exercised through the Google Services, and not directly through S&E. We don’t have access to the personal data resulting from these security detection tools..

 

To achieve these purposes, Google may combine personal data about you from other Google Services. Google may use algorithms to recognize patterns in personal data  to provide recommendations which are communicated to Clients as part of the Google Services. Manual collection and review of personal data may also occur, such as when you interact directly with our billing or support teams. We may aggregate and anonymize Service Data to eliminate personal details, and we may use personal data for internal reporting and analysis of applicable product and business operations.

 

We know you’ve heard this before, but we may also need to process personal data to comply with our legal obligations, for example, if we have to respond to  a request by the authorities, or to meet our financial record-keeping obligations. We won’t share your personal data with the authorities unless we believe the request is justified, after consulting with our legal advisors.

 

  • WHERE ARE YOUR PERSONAL DATA STORED?

 

We process personal data from Canada. However, our Clients may choose different geo-locations for the hosting of their Google Services, and the Google Services may result in the processing of your personal data outside of the jurisdiction in which you are located.  You can consult Google’s Privacy Notice for its cloud services by clicking here.

 

  • HOW DO WE SECURE YOUR PERSONAL DATA?

Google offers several security controls as part of the Google Services. For instance, Google Workspace includes Client-side encryption, trust rules for Drive and Drive labels, as well as enhanced phishing and malware protection for Drive. Client-side encryption allows our Clients to take direct control of their encryption keys and allows encrypted collaboration experience while in-browser. Trust rules are set up by our Clients so that they can enforce restrictions on internal and external sharing. Google also has spam blockers integrated in Google Workspace that prevents the receipt of executable files that could contain damaging executable code.

Depending on our Clients’ implementation and use of the Google Services, different security features may be applicable. For instance, Clients using Google Workspace and enrolled in its Advanced Protection Programs may have different security controls. Our Clients are also responsible for adequately configuring the Google Services for security purposes.

There are several security controls protecting your personal data when it is processed as part of our Services:

  • Our data centers are connected via high-speed private links to provide secure and fast data transfer between data centers. This is designed to prevent your personal data from being read, copied, altered or removed without authorization during electronic transfer or transport or while being recorded onto data storage media.
  • Our data centers maintain on-site security operation controls, such as CCTV cameras, alarm system, internal and external patrols. There are data center access procedures for accessing the data centers, as well as electronic card key and biometric access control system linked to an alarm. 
  • Our personnel are required to execute a confidentiality agreement and we only provide them access to Service Data on a need-to-know basis.

You can read more about how Google keeps your personal data private, safe and secure by consulting their Safety Center.

If you are using Google Workspace for Education, you may be reassured to know that Google has signed the Student Privacy Pledge, introduced by the Future of Privacy Forum and the Software & Information Industry Association.

  • HOW DO WE SHARE YOUR PERSONAL DATA?

How your personal data is shared depends mostly on how our Clients use the Google Services to process your personal data. Our Clients may also integrate the Google Services with third-party applications, technologies or services, resulting in further sharing of your personal data. These third parties are not within the scope of this Privacy Statement. Please consult our Clients’ privacy notices to better understand how they process your personal data.

Your personal data may be shared to the following types of third parties:

Categories of third parties Explanations 
Google (and its affiliates) To provide the Google Services to Clients, or to perform the Services for Clients, we will share your personal data with Google and its affiliates. The types of personal data that we share with Google depends on how our Clients decide to use the Google Services. Google may also access your personal data independently, such as for monitoring and protecting the Google Services.
Service Providers We use service providers to perform our Services, including to maintain our infrastructure.  For example, we use Freshdesk to manage technical support tickets. You can read their privacy notices here.
Network Partners In some cases, we work with other partners to provide the Services or Google Services requested by Clients, such as other resellers, integration partners, Clients’ suppliers, or distributors. Depending on the situation, we may share your personal data with these network partners.

When the Google Services are licensed or provisioned, our Clients may share your personal data directly with Google, and we may never be involved, directly or indirectly.

The Google Services contain functionalities that allow users to share personal data with other people. Clients have control over rules that can be enforced, and you can also enforce some rules by yourself. We don’t have control over the sharing of personal data by our Clients or their users. 

 

We can be required to disclose your personal data in response to a subpoena, at the request of governmental or judicial authorities in the event of an investigation or in the event of other legal processes in which we are required to cooperate by law. 

 

If we go through a merger and acquisition, if we sell part or all of our business, or otherwise as a result of corporate transactions, we may have to share your personal data either to facilitate the transaction, or as a result of the transaction.

 

  • HOW LONG DO WE STORE YOUR PERSONAL DATA?

 

We retain your personal data as long as it is necessary to provide our Services (including for our Clients to use the Google Services), and longer if we need to retain it to comply with applicable laws. Our Clients can manage some of their retention periods within the Google Services. 

 

By default, Google Workspace will purge all spam within 30 days. Google will retain your personal data information until your account is removed. Accounts are managed by our Clients. Google may also automatically delete certain types of personal data as part of the Google Services based on their predetermined retention period that you can consult here.

 

Google keeps multiple backup copies of the content stored through the Google Services so that it can be recovered and restored in case of errors or system failure. As a result, Google may retain copies of your personal data for some time after it is deleted. You can watch this video here to learn what happens when data is deleted from the Google Services.

 

  • WHAT RIGHTS DO YOU HAVE OVER YOUR PERSONAL DATA?

 

It depends on where you are located. We provide Services largely in North America. Most individuals have the right to withdraw their consents, modify or access their personal data. We don’t necessarily have access to all your personal data, so it’s often better to address your request to the Client which is processing your personal data through the Google Services rather than us directly. 

 

In any cases, we’re happy to respond to your questions, feel free to write to our Privacy Officer at privacy@secloud.ca

 

If you write to us, we may inform our concerned Client or Google of your request, or any third party we need to inform to adequately respond to your request. We may also ask you for  additional personal data if required to validate your identity.  

 

We’ll get back to you within 30 days, unless we inform you that we need longer. If we can’t respond or accept your request, we will give you an explanation why. If you’re not satisfied with our response, please reach out, we’ll try our best to help you again.

 

Otherwise, you can always lodge a complaint with your local privacy regulator. If you are located in Quebec, you can send your request to the Commission d’accès à l’information. You can find more information about lodging a complaint with this regulator here. If you are located elsewhere in Canada, you can reach out to the Office of the Privacy Commissioner of Canada. This webpage contains more information on how to file a privacy complaint.  

 

  • CAN WE CHANGE THIS PRIVACY STATEMENT?

 

We  may from time to time and without prior notice review and modify this Privacy Statement. Check the date of the latest update above to know when this Privacy Statement was last updated. In case of a significant change in how we process personal data, we will inform our Clients. 

 

Keep in mind : Google may also change how it processes your personal data, including as part of the Services. We don’t control how Google processes your personal data except as set forth in the Data Processing and Security Terms (Partner). Our Clients are responsible for providing their users and concerned individuals with updates on how they process their personal data. We don’t control this either. 

SE Cloud Experts

Prêt pour votre transformation numérique?
Alors commençons!

Nous contacter