Privacy Policy

1. General information

    a) Introduction

The protection of privacy is important to Gestion Nordik Spa Nature inc. and its related companies (hereinafter collectively referred to as the “Company”, “We”, “Us” or “Our“). For this reason, We have implemented safeguards and sound management practices for Your Personal Information in accordance with applicable laws in Quebec and Canada. 

This privacy policy (the “Policy”), which should be read in conjunction with Our Legal Notice, describes Our practices regarding the collection, use, processing, disclosure and retention of Personal Information of Our members, visitors and users. It applies to the Company as a whole. 

By using Our websites https://www.groupenordik.com/, https:///lenordik.com, https://app.lenordik.com, and https://tribu.groupenordik.com/ (the “Websites“) or any of Our Services, you agree that We may collect, use, process, disclose and retain Your Personal Information in accordance with the terms described herein. If you do not agree to abide by and be bound by this Policy, you may not visit, access or use Our Websites or Services, nor share Your Personal Information with Us. 

This Policy does not apply to Personal Information of the Company’s employees, representatives and consultants, or of any other person affiliated with the Company, nor to any information that does not constitute Personal Information as defined by applicable laws in Quebec and Canada.  

    b) Privacy officer

Questions, comments and complaints regarding the Company’s Privacy Policy and practices may be addressed to Our Privacy Officer at the following coordinates: 

Name and title : Alexandre Cantin, Operations Manager 

Phone number : 1-866-575-3700 

Email: vieprivee@groupenordik.com 

Address: 75, boul. de la Technologie, Gatineau (Québec) J8Z 3G4

2. Definitions 

The following words and expressions, when appearing with a capitalized first letter in the Policy, have the meanings attributed to them hereinafter, unless otherwise implied or explicit in the text: 

“Company“, “We“, “Us“, “Our“: Gestion Nordik Spa Nature inc. and its related companies. 

“Service Provider” means any individual or entity that processes Personal Information on behalf of the Company. These are third-party entities or individuals employed by the Company to facilitate the Services, to provide the Services on behalf of the Company, to perform services related to the Services or to assist the Company in analyzing the use of the Services. 

“Personal information” means any information that relates to a natural person and allows that person to be identified, i.e., that directly or indirectly reveals something about that person’s business, characteristics (e.g., abilities, preferences, psychological tendencies, predispositions, mental abilities, character and behaviour) or activities, regardless of the nature of the medium or the form in which the information is accessible (written, graphic, sound, visual, computerized or other). 

“Privacy Officer“: the person who is responsible for the application of this Policy and whose contact information is identified in section 1 of this Policy. 

“Services“: Services refers to the Websites and Our pages on social networks and the services and products rendered to you, such as:  

• Our developments and constructions relating to the various spa establishments in kind, in particular on :  

• • Our projects and achievements: We present information on our various projects and achievements, with details on each project; 

• • Our projects in development: We present information on projects currently under development; 

• • Our job offers: We present job opportunities within the company, in the field of construction of Our facilities; 

• • Our technical resources: We present information and technical tools relating to the construction of Our facilities; 

• Our services offered in Our nature spas : 

• • Our Customer Service: such as allowing You to contact Us by e-mail, telephone, SMS, or online chat; 

• • Our treatments: such as offering you detailed explanations of the treatments, massotherapies and experiences we offer; 

• • Our online store: such as You sell products and accessories; 

• • Our reservation service: such as providing You with Spaces to reserve Our massage therapy services and other related treatments; 

• • Our welcome kiosk: To check in when arriving in our facilities; 

• • Our code of conduct: to inform you of our rules and policies; 

• • Our special offers: gift cards and packages; 

• • Our customer testimonials: to share customer experiences with you; 

• • Our newsletter: to send You updates and news by e-mail if You wish; 

• • Our accommodation and catering service: to offer you accommodation and catering options, including online delivery; 

• • Our blog: To provide you with articles related to our establishments and the world of well-being; 

• • FAQ: Answers to frequently asked questions. 

“Websites“: Our websites https://www.groupenordik.com/, https:///lenordik.com, https://app.lenordik.com, https://tribu.groupenordik.com/ 

“Cookies“: Cookies are text files that are installed on Your computer or mobile device. These cookies may contain information about Your search history, the web pages You visit and Your web browser. 

“Process”, “Treatment”: This term covers all operations that may affect or concern personal information, including: collection, use, storage, destruction, communication or transmission.  

“You“, “Your“: The persons benefiting from Our Services, the visitors of our Websites and all users having recourse to the Company’s Services.

3. Processing of Personal Information

    3.1 Collection of Personal Information 

In the course of Our activities, We may process various types of Personal Information, including the information listed below: 

• Your contact information and Your identifiers, including Your first and last name, Your address, Your e-mail address, Your telephone number, if You are under 14 years of age, Your gender, or, if applicable, if You require assistance (for example, in the event of a disability), We will ask You to enter this Information when You wish to register for the Services that require it; 

• transaction and payment information, such as the payment method used, date and time, payment amount, billing zip code, Your address and other related information. In addition, Your payment is made via Our payment partners Moneris, Shopify, Google Pay, Apple Pay or Sezzle, Your credit card number and other related information may be recorded by these providers (for more information about Our providers, please see sub-section 3.3.1).  

• information necessary for the provision of Our Services, such as information concerning the Services We have rendered or are rendering to You;  

• information that you choose to provide or transmit to Us, for example, in the following cases:  

• • when you request information in order to be sponsored, make a reservation or place an order for a gift; 

• • when you apply for a job, by e-mail, or directly on a platform of one of Our suppliers such as ADP Workforce (for more information about Our suppliers, please refer to sub-section 3.3.1 of this Policy). To apply for a job, you will be asked to provide us with Your name, Your first name, Your professional and academic background, Your personal characteristics, and other information. 

• • When you communicate with one of Our employees or representatives or use Our online chat service.  

• information automatically collected through the use of Our Websites and Services, including:  

• • connection and other information about Your activities on Our Websites, such as Your IP address, the pages You have visited, the time and date of Your visits, the number of connections, the type of browser You use, the operating system of Your device and other hardware and software information;  

• • demographic data and your geographic region, an approximate location determined from Your IP address. This collection is used for technical purposes, such as identifying appropriate live content based on Your geographic region.
    It should be noted that some of this information may be collected and communicated to some of our suppliers, particularly Hotjar (for more information about Our suppliers, please refer to sub-section 3.3.1 of this Policy). 

In each case, such Personal Information is processed in accordance with the legitimate and necessary purposes listed in article 3.2 below. 

    3.2 Use of Personal Information 

We may use Your Personal Information for the legitimate purposes described below: 

• operate, maintain, supervise, develop, improve and offer all the functionalities of Our Websites;  

• present our services and products, including 

• • Information on Our developments and constructions relating to the various spa establishments in nature, in particular on:  

• • • Our projects and achievements: We present information on our various projects and achievements, with details on each project; 

• • • Our projects in development: We present information on projects currently under development; 

• • • Our job offers: We present job opportunities within the company, in the field of construction of Our facilities; 

• • • Our technical resources: We present information and technical tools relating to the construction of Our facilities; 

• Our services offered in Our nature spas: 

• • Our Customer Service: such as allowing You to contact Us by e-mail, telephone, or online chat; 

• • Our treatments: such as offering you detailed explanations of the treatments, massotherapies and experiences offered; 

• • Our online store: such as You sell products and accessories; 

• • Our reservation service: such as providing You with Spaces to reserve Our massage therapy services and other related treatments; 

• • Our code of conduct: to keep you informed about our rules and policies; 

• • Our special offers: gift cards and packages; 

• • Our customer testimonials: to share customer experiences with you; 

• • Our newsletter: to inform you of updates and news by e-mail; 

• • Our accommodation and catering service: To offer you accommodation and catering options, including online delivery; 

• • Our blog: To provide you with articles related to our establishments and the world of well-being; 

• • FAQ: Answers to frequently asked questions. 

• allow you to apply for job offers;  

• perform Our contractual obligations to you; 

• develop, improve, and offer new Services; 

• send you messages, updates, and security alerts;  

• for marketing and business development purposes, if you have previously consented to the processing of Your Personal Information for these purposes; 

• carry out research, analysis and statistics relating to Our organization and Our Services; 

• detect and prevent fraud, errors, spam, abuse, security incidents and other harmful activities; 

• for our financial and safety audits;  

• for any other purpose permitted or required by law.

    3.3 Disclosure of Personal Information 

We may disclose Your Personal Information to Our employees (including human resources and IT departments), contractors, consultants, agents, service providers and other trusted third parties (collectively, “Service Providers”), who require such information to assist Us in operating Our Websites, conducting Our business or serving you, provided that such Service Providers have previously agreed in writing to maintain the confidentiality of Your Personal Information in accordance with applicable laws and Our Information Governance Program.  

We do not sell, trade, or otherwise disclose your Personal Information to third parties.  

    3.3.1 Service providers and other third parties 

Although We try to avoid sharing Your Personal Information with third parties, We may use Service Providers to perform various services on Our behalf, such as IT management and security, marketing, and data analysis, hosting and storage. We have defined below the cases in which such sharing may take place:  

• We use Google Ads to analyze the audience of Our Services, establish statistics and converse with customers and prospects. We also use Google Play services for our application. For more information, see Google’s privacy policy and their advertising and measurement cookie table;
  • Please note that this Cookie may identify You and profile Your web activities in order to provide You with advertising that matches Your interests (targeted advertising);
  • This Cookie communicates to Google the personal information indicated in our Cookie Policy for the purposes identified therein; 

• We use the Google Analytics cookie to analyze the audience of our websites and compile statistics. For more information, please consult Google’s privacy policy and their table of cookies for advertising and measurement purposes;
  • Please note that this Cookie may identify You and may profile Your web activities in order to provide You with advertising that matches Your interests (targeted advertising);
  • This Cookie communicates to Google the personal information indicated in Our Cookie Policy for the purposes identified therein; 

• We use the services of Amazon to host our servers. For more information, see their privacy policy;  

• We use Facebook Pixel services to help understand and serve ads, compile statistics and converse with customers and prospects. For more information, see Meta’s privacy policy;
  • Please note that this Cookie may identify You and may profile Your web activities in order to provide You with advertising that matches Your interests (targeted advertising);
  • This Cookie communicates to Meta the personal information indicated in our Cookie Policy for the purposes identified therein; 

• We use YouTube services to present Our products and Services. For more information, please see our privacy policy;
  • Please note that this Cookie can identify You and profile Your activities on the web in order to provide You with advertising that matches Your interests (targeted advertising);
  • This Cookie communicates the personal information indicated in Our Cookie Policy for the purposes identified therein; 

• We use Vimeo‘s services and cookies to present videos related to Our products and Services. For more information, please consult their privacy policy and their cookies policy;
  • These Cookies may provide Vimeo with the personal information set out in Our Cookie Policy for the purposes identified therein; 

• We use the services of the LinkedIn social network to converse with customers and candidates or prospects for recruitment purposes. For more information, please consult LinkedIn’s privacy policy; 

• We use the services of the social networks Facebook and Instagram, from the Meta network, to communicate about Our activities and to present Our Services and programs. For more information, see Meta’s privacy policy; 

• We use the services of ADP Workforce to recruit Our employees. For more information, please consult our privacy policy; 

• We use Moneris services to optimize Our sales. For more information, please consult our privacy policy; 

• We use the services of Shopify as an e-commerce platform allowing Us to create and manage Our online store. See their privacy policy; 

• We use the services of Amazon Web Services (AWS) to host Our Websites.
  • All categories of personal information identified in section 3.13 may be communicated or stored through this service;
  • For more information, please consult their privacy policy; 

• We use the services of Ritual for online meal orders, in connection with Our restaurants. For more information, see their privacy policy; 

• We use Google Pay and Apple Pay services to enable you to make online payments.
  • For more information on Google Pay, please consult their privacy policy;
  • For more information about Apple Pay, please see their privacy policy;  

• We use the services of Sezzle to allow you to make online payments. For more information, see their privacy policy;  

• We use TripAdvisor‘s services to help us promote our spas. For more information, see their privacy policy; 

• We use Google Review services when you fill in online forms. See their privacy policy; 

• We use the services of TrustYou to communicate satisfaction surveys. For more information, please consult their privacy policy; 

• We use the services of Klaviyo to communicate our newsletter. For more information, see their privacy policy; 

• We use CJ‘s services to help us promote our spa facilities. For more information, see their privacy policy; 

• We use Gladly‘s services when you use the Chat function. For more information, see their privacy policy; 

• We use the services of Visual Website Optimizer when you use the Chat function. For more information, see their privacy policy; 

• We use the services of Google fonts to ensure the correct display of typography on the site. For more information, see their privacy policy; 

• We use the services of CloudFlare for protection against fraud and spam. For more information, see their privacy policy;
• We use the services of Bootstrapcdn to ensure proper display of website content. For more information, see their privacy policy; 

• We use a cookie from Noibu to report technical problems on our website. This cookie tracks mouse movements while masking any data entered by the user. For more information, see their privacy policy and cookie management policy;  

• We use Hotjar‘s services for statistical purposes to evaluate the most frequent interactions on our web pages. For more information, see their privacy policy;  

• We use the services of Secur-IT for our information technology needs. For more information, see their privacy policy.  

• We use the Microsoft 365 suite, including Outlook, Sharepoint and other tools, to store Our documents. For more information, see their privacy policy; 

• We use Metatracer on Our digital systems to facilitate the detection and management of Your personal information and that of Our employees, all to ensure Our compliance with privacy laws.
  • Metatracer only collects identifiers as Personal Information.  

Disclosure of personal information outside Quebec. We may disclose Your Personal Information outside of Quebec and mandate an entity located outside of Quebec to collect, use, or retain Your Personal Information on our behalf. 

Safeguards when communicating outside Quebec. Before disclosing Your Personal Information to third parties outside the province of Quebec, We conduct a privacy impact assessment to evaluate the risks that may affect the security of Your Personal Information. This assessment also identifies appropriate security measures to reduce or eliminate these risks. The communication will then be subject to a written agreement binding these third parties to respect such measures.  

    3.3.2 Compliance with legislation, responding to legal requests, preventing harm, and protecting Our rights 

We may disclose Your Personal Information when We believe such disclosure is authorized, necessary or appropriate, including:  

• to respond to requests from public and governmental authorities, including public and governmental authorities outside Your country of residence;  

• to protect our business;  

• to comply with legal proceedings;  

• to protect Our rights, Our privacy, Our security, Our property, yours or that of third parties;  

• to enable Us to pursue available remedies or limit the damages We may suffer; and  

• in accordance with applicable laws, including laws outside Your country of residence; 

    3.3.3 Commercial transaction 

We may share, transfer or communicate, in strict compliance with this Policy and the provisions of the Act respecting the protection of personal information in the private sector, RLRQ c P-39.1 (the “Private Sector Act“) and the Act to modernize legislative provisions respecting the protection of personal information, LQ 2021, c 25 (the “Act 25″, assented to on September 22, 2021), Your Personal Information in the event of a sale, transfer or assignment, in whole or in part, of the Business or Our assets (for example, as a result of a merger, consolidation, change of control, reorganization, bankruptcy, liquidation or any other business transaction, including in connection with the negotiation of such transactions).  

    3.4 Personal Information Consent 

Wherever possible, the Company obtains consent directly from the individual concerned for Us to collect, use, and disclose his or her Personal Information. However, if you provide us with Personal Information about other people, you must ensure that you have duly notified them that you are providing us with their information, in addition to obtaining their consent to such disclosure.  

We will seek Your explicit, manifest, free, informed, and purposeful consent before using or disclosing Your Personal Information for purposes other than those set out herein. We will also seek Your express consent whenever sensitive Personal Information is involved in any of the Company’s processing activities. We will ask for Your consent for each specific purpose in clear and simple terms, separate from any other information provided to You. 

BY USING OUR WEBSITES, BY TRANSMITTING YOUR PERSONAL INFORMATION BY E-MAIL, YOU CONSENT TO THIS PRIVACY POLICY AND TO THE COLLECTION AND PROCESSING OF YOUR PERSONAL INFORMATION IN ACCORDANCE WITH THE PRIVACY POLICY. 

If You do not consent, please stop using the Websites. Except where otherwise provided by law, You may withdraw Your consent at any time upon reasonable notice. Please note that if You choose to withdraw Your consent to the collection, use or disclosure of Your Personal Information, certain features of Our Websites may no longer be available to You or we may no longer be able to offer You some of Our services.  

    3.5 Retention of Personal Information 

Subject to applicable laws, We retain Your Personal Information only for the time necessary to fulfill the purposes for which such information was collected, unless You consent to Your Personal Information being used or processed for another purpose. As an indication, the duration of certain information may extend up to 7 years following the end of the Services rendered by the Company to You. In addition, Our retention periods may be modified from time to time due to legitimate interests (for example, to ensure the security of Personal Information, to prevent abuse and violations or to prosecute criminals). 

To obtain more information on the periods during which Your Personal Information is kept, please contact our Privacy Officer using the contact details provided in article 1b) of this Policy.

4. Your rights

As a data subject, you may exercise the rights set out below by contacting Our Privacy Officer in writing at the contact information provided in section 1b) of the Policy. Please note that We may ask you to verify Your identity before responding to any of these requests.   

• You have the right to be informed of the Personal Information We hold about You, its use, disclosure, retention, and destruction, subject to exceptions provided by applicable law; 

• You have the right to access Your Personal Information, to request a copy, including paper copies, of the documents containing Your Personal Information, subject to the exceptions provided by applicable law, and to obtain, where applicable, further details on how we use, communicate, store, and destroy it; 

• You have the right to rectify, amend and update the Personal Information we hold about you if it is incomplete, ambiguous, out of date or inaccurate; 

• You have the right to withdraw or modify Your consent to the Company’s collection, use, disclosure, or retention of Your Personal Information at any time, subject to applicable legal and contractual restrictions; 

• You have the right to ask Us to stop disseminating Your Personal Information and to de-index any link attached to Your name that gives access to such information if such dissemination contravenes the law or a court order; 

• You have the right to request that your Personal Information be communicated to you or transferred to another organization in a structured and commonly used technological format;  

• The right to be informed of a privacy incident concerning Your Personal Information that may cause You serious harm. To this end, we keep a register of all privacy incidents and assess the harm they may cause; 

• You have the right to file a complaint with the Commission d’accès à l’information, subject to the conditions set out in the applicable law. 

To process Your request, You may be asked to provide appropriate identification or to identify Yourself in some other way.

5. Cookies and other tracking technologies

We use cookies and similar technologies (collectively, “Cookies”) to help us operate, protect, and optimize the Websites and Services we offer. Cookies” are small text files that are stored on Your device or browser. They enable us to collect certain information when You visit the Websites, including Your preferred language, the type and version of Your browser, the type of device You are using and Your device’s unique identifier. While some of the Cookies We use are deleted after Your browser session ends, other Cookies are retained on Your device or browser to enable Us to recognize Your browser the next time You visit the Websites. The Personal Information collected through these Cookies is not intended to identify you. They are used to guarantee the operation of the Websites, to improve the user’s browsing experience and to provide certain data that enables us to better understand the traffic and interactions that take place on Our Websites, as well as to detect certain types of fraud. Cookies do not harm Your device and cannot be used to extract Your Personal Information. We collect Your IP address, information about Your device and Your operating system or browser, Your browsing path and history on Our Websites as well as Your queries, Your browsing preferences (the languages used), etc. We may also collect information about Your browser and Your device. 

You can set Your browser to notify You when Cookies are set on Your visit to the Websites, so that You can decide in each case whether to accept or reject the use of some or all Cookies. Please note that disabling Cookies on Your browser may adversely affect Your browsing experience on the Websites and prevent You from using some of its features. 

To find out more about how we use Cookies, please see Our “Cookie Policy”.

6. Safety measures

The Company has implemented physical, technological, and organizational security measures to adequately protect the confidentiality and security of Your personal information against loss, theft or any unauthorized access, disclosure, reproduction, communication, use or modification. These measures include  

On the administrative front, the adoption of a series of policies and procedures as part of the implementation of our information governance program, including:  

• govern the access, disclosure, retention, de-identification, anonymization and/or, where applicable, destruction of Personal Information; 

• determine the roles and responsibilities of Our employees throughout the life cycle of Personal Information and documents; 

• establish procedures for intervention and response in the event of a confidentiality incident; 

• govern the process for requests and complaints relating to the protection and handling of Personal Information. 

On a technical level, the use of several means such as:  

• use of a secure server and Secure Socket Layer (SSL) technology;
  
• use of backup systems, network monitoring software, etc.; 

• encryption, access control and internal and external audits. 

Given the public nature of this Policy, we have not provided an exhaustive list of the measures we are implementing. 

Despite the measures described above, We cannot guarantee the absolute security of Your Personal Information. If you believe Your Personal Information is no longer secure, please contact Our Privacy Officer immediately using the contact details in section 1b above.

7. Invisible ReCAPTCHA

Invisible reCAPTCHA analyzes activity on a web page function (e.g. mouse movements and typing patterns) to determine whether a user is a bot. 

The invisible reCAPTCHA service may collect information from Your device. Information collected by reCAPTCHA is stored in accordance with its privacy policy.

8. Payment details

Regarding credit card details or other payment information that you have provided to Us, We undertake to ensure that such confidential information is stored in the most secure manner possible.

9. Changes to this Privacy Policy

We reserve the right to modify this Policy at any time in accordance with applicable law. In the event of a change, We will publish the revised version of the Privacy Policy and update the update date in the footer of the Policy. If you do not agree to the new terms of the Privacy Policy, please do not continue to use Our Websites and Services. If you continue to use Our Websites or Our Services after the new version of our Policy becomes effective, Your use of Our Websites and Our Services will then be governed by this new version of the Policy.

10. Links to third-party websites

From time to time, We may include on Our Websites references or links to Our Facebook page, websites, products or services provided by third parties (“Third Party Services”). These Third Party Services, which are not operated or controlled by the Company, are governed by privacy policies that are entirely separate and independent from ours. We therefore assume no responsibility for the content and activities of these sites. This Policy applies only to the Websites and Services that We offer. The Policy does not extend to third-party Services such as Our Facebook, LinkedIn, X, Instagram and TikTok pages.

11. Individuals under 14 years of age

If you are under 14 years of age, you must not provide Us with Your Personal Information without the consent of Your parent or guardian. If you are a parent or guardian and you become aware that Your child has provided Us with Personal Information without consent, please contact Us using the contact information set forth in Section 1(b) above to request that We delete that child’s Personal Information from Our systems.

12. Applicable laws

The laws of Canada, Alberta, and Quebec, excluding its conflict of law rules, will govern this agreement and Your use of the Websites. Your use of the Websites may also be subject to other local, provincial, national, or international laws.

13. References to Commissions by jurisdiction

If you feel that your rights or complaint have not been dealt with satisfactorily, or if you wish to lodge a formal complaint, you are encouraged to contact the competent authorities according to your geographical location:

• For Quebec residents, the Commission d’accès à l’information du Québec is the reference body for all questions relating to access to public documents and the protection of personal information. You can access its services and resources at the following coordinates:
• • Commission d’accès à l’information du Québec (Montreal) 
    • Address: Suite 900 2045 Stanley Street Montreal, Quebec H3A 2V4
    • Telephone: 514 873-4196
    • Fax: 514 844-6170
    • Toll-free: 1 888 528-7741
    • E-mail: renseignements@cai.gouv.qc.ca
    • Online at www.cai.gouv.qc.ca

• For Alberta residents, the Information and Privacy Commissioner of Alberta is the competent authority to assist you and handle complaints concerning access to information and privacy. You can access its services and resources at the following coordinates:
• • Office of the Information and Privacy Commissioner (Edmonton)
    • Address: #410, 9925 – 109 Street, Edmonton (Alberta) T5K 2J8
    • Telephone: 780-422-6860
    • Toll-free: 1-888-878-4044
    • Fax: 780-422-5682
    • E-mail: generalinfo@oipc.ab.ca
    • Online: https://oipc.ab.ca/  

• For residents of Canadian jurisdictions without specific provincial regulations, or where your concern or complaint falls under federal jurisdiction, the Office of the Privacy Commissioner of Canada is the appropriate federal agency. You can access its services and resources at the following coordinates:
• • Office of the Privacy Commissioner of Canada
    • Address: 30 Victoria Street, Gatineau, Quebec K1A 1H3
    • Telephone: 819-994-5444
    • Toll-free: 1-800-282-1376
    • Online: https://www.priv.gc.ca/
    • Information request form: Information request form (priv.gc.ca)

These entities are qualified to offer guidance and handle complaints in their respective areas of jurisdiction concerning access to information and the protection of personal information.