SDS RiskAssist by Rillea Technologies PRIVACY POLICY
Effective Date: April 19th, 2026
The following agreement (the “Privacy Policy”) describes how Rillea Technologies Inc. (also known as SDS RiskAssist) (the “Company”, “we”, “us”, or “our”) collects, uses, protects and discloses personal information and other information related to individuals, including existing and prospective customers, and visitors to our websites (referred to as “you”). Please note that this policy also applies to Internet and e-mail use by the Company’s employees, contractors, clients, customers and suppliers.
WHAT IS PERSONAL INFORMATION?
“Personal Information” is any information which can identify an individual or through which an individual’s identity can be deduced, and which is disclosed to us or which we create within the context of our relationship with the individual. This includes but is not limited to:
- Identifiers: Name, address, email address, phone number and IP address
- Financial Information: Invoicing, payment and bank account details
- Technical Information: Cookies, browser history and device information
HOW DOES THE COMPANY COLLECT YOUR PERSONAL INFORMATION?
We collect your Personal Information when you visit our website or at the time you become a new customer, client, supplier, employee or contractor of the Company and thereafter when we communicate with you. For example, we collect your Personal Information:
- Directly from you: When you create an account, purchase a product, have discussions with our employees and contractors, sign up for a newsletter, fill out a form, interact with us on social media, or contact us;
- Automatically on marketing website: When you visit our website we use cookies and other tracking technologies provided by Google Analytics, LinkedIn and HubSpot to analyze website traffic and behaviour to improve website performance and our service offering. The automatic information collected from website interaction includes browser type, country, city, pages visited, device type and time and date of visit.
- Automatically from product website: When you visit our client-specific SDS RiskAssist website we use internal cookies to understand user and page use behaviour to improve website performance and our service offering. The automatic information collected from website interaction includes Internet Protocol (IP) address, user ID, pages visited, changes made and time and date of visit. We use Google Analytics cookies to analyze geographic website traffic and behaviour for cyber security purposes. Personal information is not shared with Google Analytics. Finally, we use MailGun to send transactional emails for such purposes as recovering a password or for information that the user has opted in to receive.
| Domain Name | Provider | Cookie Category | Cookie Type |
| --- | --- | --- | --- |
| sdsriskassist.ca | | Necessary & performance | Remembering preferences, geographic location, understanding user behaviour |
| *.sdsriskassist.com | | Necessary | Remembering preferences, geographic location |
| sdsriskassist.ca | | Marketing/Advertising | Understanding user interest in marketing activities |
| sdsriskassist.ca, rilleatech.com, *.sdsriskassist.com | HubSpot | Functional | Logging prospect and client-related activities via website forms and informational emails. Sending bulk emails about system maintenance. |
| *.sdsriskassist.com | MailGun | Functional | Sending automated transaction emails such as password resets, email verification and automated reminders. |
| *.sdsriskassist.com | Internal | Necessary | Assessing activity and maintaining history for safety and cyber security audit purposes, as required for regulatory compliance. |
- From third parties: We may receive information from partners, service providers, or other third parties, with your consent or as permitted by law. Examples include advertising campaigns and via events hosted or sponsored by Rillea Technologies Inc or SDS RiskAssist.
WHY DOES THE COMPANY COLLECT PERSONAL INFORMATION?
In serving the needs of the Company and its employees, contractors and customers, it is important that the Company has accurate information. The Company may collect Personal Information to:
| Processing Purpose | Type of Personal Information Collected | Legal Basis |
| --- | --- | --- |
| To provide products and services | Name, address and email | Subscription/Contractual Necessity: necessary for the performance of the contract. |
| To communicate with you | Name, address and email | Legitimate interest: to respond to your requests and improve our customer service. Note that essential cookies support your legitimate interest in how we interact with you. Analytics/marketing cookies are consent-based. |
| For security purposes | IP address, device information, email, time, date, geographic location | Legitimate Interest: To protect our systems and prevent fraud. |
| To send marketing emails | Name, email | Consent: We will only send you marketing emails with your explicit and informed consent. |
| To improve our website and services | IP address, browsing data, cookies | Legitimate Interest/Consent: To analyze website traffic and user behavior. |
| To comply with legal obligations | Any information required by law | Legal Obligation: To meet our legal and regulatory requirements. |
| To conduct research and analysis | Anonymized or pseudonymized data | Legitimate Interest: To understand market trends and improve our offerings. |
| For usage and safety logs | Username, IP address, pages viewed, changes made, time and date | Legitimate Interest: To ensure safety information is properly maintained and auditable. |
WHEN MIGHT PERSONAL INFORMATION BE DISCLOSED?
The Company may disclose Personal Information to:
- administer and maintain any employment/contractor relationship;
- audit website use for security;
- provide audits of page view history to clients for safety or security requests;
- administer and maintain payment;
- make hiring decisions;
- submit quotes or proposals to prospective customers or clients; and
- explore and/or undertake corporate opportunities, including a merger, acquisition, amalgamation, IPO, reorganization or sale of the Company, including the due diligence process and the transfer of information through to closing of any such transaction.
HOW LONG WILL THE COMPANY RETAIN YOUR INFORMATION?
We retain your information for only so long as is necessary for the purposes for which it has been collected. Your Personal Information will be destroyed once it is no longer needed by us and once all requirements at law have been met.
HAVE YOU CONSENTED?
We will seek your clear, free, and informed consent for the collection, use, and disclosure of your personal information, as required by law.
- Explicit Consent (Opt-in): We will require your explicit, affirmative consent for the collection of personal information or for marketing communications.
- Withdrawal of Consent: You have the right to withdraw your consent at any time. To withdraw your consent, you can unsubscribe from emails or contact our Privacy Officer. Withdrawing your consent may affect our ability to provide you with certain services.
DO WE DISCLOSE PERSONAL INFORMATION TO THIRD PARTIES?
Rillea Technologies does not sell your personal information to third parties, nor do we share it for cross-context behavioural advertising.
We will not disclose your personal information to third parties without your consent, except where required or permitted by law. We may share your information with the following categories of third parties:
- Service Providers: We may use third-party service providers to help us with tasks such as payment processing, website hosting, and email delivery. These providers are bound by contract to protect your information and are only permitted to use it for the purposes we have specified.
- Legal and Regulatory Authorities: We may be required to disclose your personal information to comply with a court order, subpoena, or other legal process.
We may share information that has been anonymized without limitation.
IS PERSONAL INFORMATION STORED IN INTERNATIONAL LOCATIONS?
While all client data related to SDS RiskAssist is stored in data centres within Canada, it is not always possible to maintain all Personal Information, such as name and email addresses, in Canada. For example, Google Workspace currently only offers data centres in the United States and Europe.
As a result, your personal information may be transferred to, stored, and processed in countries outside of Canada, including the United States and Europe. When we transfer your information, we will take appropriate measures to ensure that it is protected with an equivalent level of security as required by Canada’s laws as well as those of the provinces.
- Privacy Impact Assessment: Before transferring your personal information outside of Canada, we will conduct a privacy impact assessment to ensure that the information will receive adequate protection.
HOW DO WE USE AUTOMATED DECISION-MAKING?
Automated decision-making refers to decisions made with little or no human intervention. We may use automated decision-making for marketing emails to provide you with a more personalized experience.
WHAT ARE YOUR RIGHTS TO YOUR PERSONAL INFORMATION?
You have specific rights regarding your personal information, which we are committed to upholding:
- Right to Access: You have the right to request access to your personal information that we hold.
- Right to Rectification: You have the right to request the correction of inaccurate or incomplete personal information.
- Right to Erasure (Right to be Forgotten): You can request the deletion of your personal information in certain circumstances.
- Right to Object to Processing: You can object to the processing of your personal information for specific purposes, such as direct marketing.
- Right to Data Portability: You can request a copy of your personal information in a structured, commonly used, and machine-readable format and, where technically feasible, have it transmitted to another organization.
- Right to be informed of automated decision-making: We will inform you if we use your personal information to make a decision based solely on automated processing, including profiling, and you have the right to request human intervention.
To exercise any of these rights, please contact our Privacy Officer at the contact details provided below. We will respond to your request within 30 days, as required by law.
HOW DOES THE COMPANY PROTECT PERSONAL INFORMATION?
Safeguards, security systems and processes are in place to protect your information against unauthorized access, disclosure, use, or modification. Your Personal Information is contained behind secured networks and is only accessible by a limited number of persons who have been designated with such authority and only to the extent necessary to accomplish the objectives we’ve described above, or to the Company’s relevant benefits.
Furthermore, the Company agrees to take reasonable steps to maintain appropriate physical, technical and administrative security measures, and to ensure they remain effective against evolving threats, to help prevent loss, misuse, unauthorized access, disclosure or modification of Personal Information.
WHAT PROCESSES ARE IN PLACE TO HANDLE INCIDENT MANAGEMENT AND BREACH NOTIFICATION?
We have a robust process, in compliance with information security standards such as ISO 27001, in place to handle confidentiality incidents. In the event of an incident involving your personal information, we will:
- Take immediate steps to mitigate any harm.
- Assess the risk of injury to affected individuals.
- Notify the relevant privacy commissioner if the incident presents a risk of serious injury.
- Notify you, the affected individual, if the incident presents a risk of serious injury.
- Maintain a register of all confidentiality incidents.
IS PRIVACY BY DEFAULT AND ARE PRIVACY IMPACT ASSESSMENTS CONDUCTED?
- Privacy by Default: When we offer a product or service that involves the collection of personal information, the highest level of privacy protection will be set by default, without any action on your part.
- Privacy Impact Assessments (PIAs): We will conduct a PIA for any project involving the collection, use, communication, keeping, or destruction of personal information, as well as for any transfer of personal information outside of Canada.
DATA FOR CHILDREN UNDER THE AGE OF 18?
Our services are directed to the public. We do not knowingly collect information from children under the age of 18. If we learn that we have inadvertently collected personal information from a child under the age of 18, it will promptly be deleted.
WHO DO YOU CONTACT FOR QUESTIONS OR COMPLAINTS?
If you have any questions or concerns about this policy, or should you wish to review your Personal Information, please contact:
Lisa Hallsworth
CEO and Data Protection Officer
Rillea Technologies Inc.
218 Avonlough Rd.,
Belleville, ON,
K8P 5G4
If you are not satisfied with our response, you have the right to file a complaint with the appropriate regulatory body such as:
- Ontario: Office of the Information and Privacy Commissioner of Ontario
- Quebec: Commission d'accès à l'information du Québec or similar for other provinces
- Canada (Federal): Office of the Privacy Commissioner of Canada