Privacy Policy

Effective date: 15 May 2026

1. Who we are and what this policy covers

Rivard Signature Inc. is a Montréal-based independent CPA practice serving private companies, not-for-profits, and boards on governance, internal audit, and regulatory compliance. This policy describes how we collect, use, retain, and protect personal information through our website at https://www.rivardsignature.ca. It applies only to information collected via the website. Personal information collected during professional engagements is governed by the rules of the Ordre des CPA du Québec and by any engagement letter you sign with us.

2. Person responsible for the protection of personal information

In accordance with Québec's Act respecting the protection of personal information in the private sector (Law 25), the person responsible for the protection of personal information at Rivard Signature Inc. is:

Mathieu-Roger Rivard, CPA auditor, MBA, CIA
Email: contact@rivardsignature.ca

You may contact the person responsible to exercise your rights, ask questions about this policy, or file a privacy-related complaint.

3. Personal information we collect

We do not require visitors to create an account, and we do not accept online payments. We collect personal information only in the limited circumstances below:

Contact form. When you submit our contact form, we collect your first name, your last name, your email address, and the content of your message. These fields are submitted to us via Hostinger's form-processing service, which operates our website builder.

Email correspondence. If you write to us directly (for example at contact@rivardsignature.ca), we receive your email address, your name as it appears in the message, and the content of your message.

Technical access logs. Our hosting provider records standard server logs, which may include your IP address, browser user agent, the page requested, the timestamp, and the referrer. These logs are used only for security and operational monitoring.

We do not collect or process: financial account information, credit-card or banking details, government identifiers, health information, biometric information, or other sensitive personal information. We do not run advertising, marketing, or analytics scripts on this website.

4. Purposes for which we use your personal information

We use the personal information you give us only to: (a) respond to your inquiry and follow up on professional matters; (b) schedule a consultation, send you an engagement proposal, or onboard you as a client; (c) ensure the security, availability, and proper functioning of the website; and (d) comply with our legal, regulatory, and professional obligations, including those imposed by the Ordre des CPA du Québec.

We do not use your personal information for marketing, profiling, or sale to third parties.

5. Legal basis and consent

When you voluntarily submit information through our contact form or by email, you provide consent for us to use that information for the purposes described above. Where we rely on the necessity of preserving security or complying with a legal obligation, processing is justified by the corresponding provisions of Law 25 and PIPEDA. You may withdraw your consent at any time by contacting the person responsible identified in Section 2, subject to legal and professional record-keeping obligations.

6. Cookies and similar technologies

Our website sets only the essential, technical cookies required for the site to operate, for example session and security cookies. As at the date of this policy, we do not use analytics, advertising, profiling, social-media, or marketing cookies on this website.

If we ever introduce non-essential cookies, we will request your explicit, prior consent through a consent banner before any such cookie is set, with the most privacy-protective option selected by default. You will be able to accept or decline each category, and to withdraw your consent at any time.

You can also block or delete cookies through your browser settings; doing so may affect the functionality of the website.

7. Third-party processors and data hosting

Our website is built and hosted on the Hostinger Website Builder platform, operated by Hostinger International Ltd. Hostinger acts as a service provider (mandatary) for the operation of the website, including processing of contact-form submissions and storage of server logs. Hostinger's infrastructure may be located outside Québec and outside Canada (typically in the European Union). When personal information is transferred outside Québec, we rely on the contractual safeguards offered by Hostinger, including its data-processing terms.

Aside from Hostinger, we do not engage advertising networks, analytics providers, or other third-party processors for the operation of this website. If that changes, this policy will be updated and material changes will be communicated.

8. Retention periods

We retain personal information for only as long as necessary to achieve the purpose for which it was collected, after which it is securely deleted or anonymized, except where a longer period is required by law or by our professional obligations.

Unsolicited inquiries that do not lead to a client relationship: up to 24 months from the last exchange.

Inquiries that lead to an engagement: 7 years from the end of the engagement, in line with the record-keeping rules of the Ordre des CPA du Québec.

Server access logs maintained by Hostinger: per Hostinger's standard retention schedule (typically 30 to 90 days).

Advertising and website-content archives kept by the firm: 36 months, in accordance with the Code of ethics of CPAs.

9. Security measures

We protect personal information with reasonable administrative, technical, and physical safeguards proportionate to its sensitivity, including HTTPS encryption in transit, access controls on our email and devices, secure backups, password discipline, and limitations on who within the firm can access your information.

10. Your rights under Law 25 and PIPEDA

Subject to applicable exceptions, you have the right to: (a) access the personal information we hold about you; (b) request correction of inaccurate, incomplete, or out-of-date information; (c) request deletion or de-indexation of personal information; (d) withdraw your consent to a particular use of your personal information; (e) receive a copy of the personal information you provided to us in a structured, commonly used technological format (right to data portability), where this right applies under Law 25; and (f) file a complaint with the Commission d'accès à l'information du Québec (CAI) or with the Office of the Privacy Commissioner of Canada (OPC) if you believe your rights have not been respected.

Requests should be sent in writing to the person responsible identified in Section 2. We will respond within 30 days; if more time is reasonably required, we will let you know within that period.

11. Automated decision-making

We do not use the website to make decisions about you that are based exclusively on automated processing, and we do not engage in profiling through the website. If this changes, we will update this policy and notify users in accordance with Law 25.

12. Children's privacy

Our services and website are directed to organisations, owners, directors, and professionals. We do not knowingly collect personal information from minors. If you believe a minor has provided personal information through the website, please contact the person responsible so we can remove it.

13. Changes to this policy

We may amend this policy from time to time. The effective date at the top of the policy indicates when the latest version came into force. Material changes will be highlighted on this page.

14. Contact

For any privacy-related question or to exercise your rights, please contact the person responsible:

Mathieu-Roger Rivard, CPA auditor, MBA, CIA
Person responsible for the protection of personal information
Rivard Signature Inc.
Email: contact@rivardsignature.ca