Privacy Policy

Last updated: September 10, 2025

At Sourcinc, protecting your personal information is a priority. We are committed to ensuring transparency in our data processing practices, whether you are a client, candidate, or simply a user of our services.

This Privacy Policy (the "Policy") constitutes a formal statement of our rights and obligations. It describes the principles, rules, and practices we apply to comply with applicable personal information protection laws, including:

  • The Personal Information Protection and Electronic Documents Act (PIPEDA – Canada);
  • Quebec's Bill 25, modernizing personal information protection legislation;
  • The General Data Protection Regulation (GDPR – European Union);
  • Any other applicable legislation in the territories where we conduct our activities.

This Policy aims to establish responsible and transparent practices for managing your personal information and to clearly inform you about:

  • The data we collect;
  • The reasons why we use it;
  • How we protect it;
  • Your rights regarding this information.

The Policy applies to all our products and services, including:

  • The Sourcinc website (https://sourcinc.ca);
  • The co//app web application;
  • The co//app application for Windows;
  • The co//app application for macOS.

References to "Sourcinc services" in this Policy include all our websites, applications, software, and recruitment solutions.

Users located in the European Economic Area (EEA) and Switzerland: additional terms apply to you to reflect the rights provided by the GDPR (see section 13).

1. Application and scope

1.1 This Policy applies to any interaction you may have with Sourcinc, whether through our website, applications, software, or recruitment services. It covers all personal information (as defined in section 2) that we collect, use, retain, or disclose, directly or through partners acting on our behalf.

1.2 Concerned persons include, but are not limited to:

  • Our current and potential clients;
  • Candidates (potential or current) for professional opportunities we advertise;
  • Users of our services, applications, and digital platforms;
  • Any person who communicates with us through our official channels.

1.3 This Policy also governs personal information collected when using our official websites:

  • www.sourcinc.ca
  • www.sourcinc.com
  • www.sourcinc.fr

as well as our applications:

  • co//app web application;
  • co//app app for Windows;
  • co//app app for macOS.

1.4 The Policy also explains how we use cookies, third-party scripts (including RB2B, see section 4), and other similar tracking and analytics technologies.

1.5 Whenever you do business with Sourcinc or a person acting on our behalf, your personal information is protected by the rights and guarantees provided by this Policy and by applicable data protection laws.

2. Definition of personal information

2.1 For the purposes of this Policy, and in accordance with applicable laws (PIPEDA, Bill 25, GDPR), the term "personal information" means:

  • Any information concerning a natural person that allows them to be identified directly or indirectly.

2.2 This may include, by way of example and without limitation:

  • Your name, first name, contact information (email, phone number, address);
  • Your account or user profile information;
  • Your professional information, such as your position, employer, resume, and career history, in the context of our recruitment services;
  • Your banking, billing, or credit information, when necessary for a transaction;
  • Communication and service records (e.g., correspondence, information requests, complaints);
  • Connection and browsing data collected when using our websites and applications (see section 5 on cookies and similar technologies).

2.3 Personal information does not include:

  • Aggregated or anonymized data that no longer allows an individual to be identified directly or indirectly;
  • Information concerning a company, organization, or position held, insofar as this data does not directly identify a natural person.

2.4 When we collect data that is pseudonymized, aggregated, or anonymized, we ensure that it cannot be used to re-identify a person, except for specific legal or technical obligations.

3. Collection and use of personal information

3.1 Sources of collection

We primarily collect your personal information directly from you, with your consent, when you interact with us, for example when:

Registering for our services;

  • Submitting your resume or an application form;
  • Creating or managing an account;
  • Communicating with our team by email, phone, or our applications.

As a recruitment agency, we may also collect personal information about you from third-party sources that you have authorized (e.g., LinkedIn, Indeed, or other public professional sites), in accordance with the privacy policies of these third parties and applicable laws.

3.2 Types of information collected

The personal information we may collect includes, depending on the context:

  • Name, first name, contact information (address, email, phone number);
  • Professional information (position, employer, career history, education, skills, resume);
  • Information related to your account or user profile at Sourcinc;
  • Billing and payment information, where applicable;
  • Information made public on professional networks or other legally accessible sources;
  • Data related to the use of our digital services (e.g., preferences, browsing history, application connections).

3.3 Purposes of use

We use your personal information only for the purposes for which it was collected, including to:

  • Establish, develop, and manage our business relationships;
  • Respond to your requests and manage your accounts;
  • Provide our recruitment services and present applications to our clients;
  • Verify candidates' identification information and professional backgrounds;
  • Authenticate identity and protect user confidentiality;
  • Manage our internal operations (training, quality assurance, system security);
  • Conduct internal analyses to improve our services and develop new offerings;
  • Offer personalized recommendations and communicate suitable job opportunities;
  • Conduct satisfaction surveys or market studies;
  • Meet legal or contractual obligations.

3.4 Public profiles and proactive recruitment

If we contact you regarding a professional opportunity, we may use information made public on your professional profiles (e.g., LinkedIn, Indeed). This information will be used solely for recruitment and career development purposes. We do not transmit your information to an employer without obtaining your explicit consent.

3.5 Additional consent

Unless permitted or required by law, we will not collect or use your personal information for purposes other than those described above, except after obtaining your explicit and informed consent.

4. Consent and third-party technologies

4.1 Consent to collection and use

When you use our services or visit our websites, you accept this Policy and consent to the collection, use, processing, and disclosure of your personal information as described in the preceding sections.

Sourcinc obtains consent from concerned persons through various means:

  • In writing (forms, contracts, emails, online registrations);
  • Orally (by phone or during interviews);
  • Electronically (applications, websites, cookie consent banner).

The form of consent will depend on:

  • The sensitivity of the information collected;
  • The reasonable expectations of the concerned person;
  • Applicable legal requirements.

Generally:

  • By subscribing to our services, transmitting your information, or using our sites and applications, you consent to the collection and use of your personal information in accordance with this Policy;
  • You retain the right at all times to withdraw or modify your consent, subject to limitations provided by law (e.g., legal or contractual obligations).

4.2 Use of third-party technologies (including RB2B)

To improve your experience and better understand the use of our site, we use certain analytics, tracking, and marketing technologies.

In particular, we integrate a script provided by RB2B (https://www.rb2b.com/):

  • This script helps us analyze web traffic, identify certain professional visitors, and optimize our B2B communications;
  • Data collected by RB2B may include technical information (e.g., IP address, browser type, pages viewed, time spent on site);
  • This data is processed in accordance with RB2B's privacy policy, accessible directly on their website.

Other tools or partners (e.g., Google Analytics, newsletter distribution solution providers, hosting providers) may also place cookies or scripts for analytical, functional, or marketing purposes.

4.3 Managing your preferences

You can manage your preferences regarding the use of cookies and scripts:

By configuring your browser settings;

By using the consent banner displayed during your first visit to our site;

By contacting us directly to withdraw or modify your consent.

5. Cookies and similar technologies

5.1 Types of cookies used

Our website and applications use cookies and similar technologies (e.g., pixels, beacons, scripts) that serve different purposes. These technologies may be placed by Sourcinc ("internal cookies") or by third-party partners ("third-party cookies").

We distinguish between:

  • Essential cookies: necessary for basic site operation (e.g., session management, security). They cannot be disabled in our systems.
  • Functional cookies: allow for improved personalization and usability (e.g., remembering your preferences).
  • Analytics and performance cookies: used to understand how visitors interact with our site, measure audience, and improve user experience (e.g., Google Analytics).
  • Marketing and advertising cookies: used to personalize content, measure campaign effectiveness, and identify professional visitors (e.g., RB2B script).

5.2 Retention period

Cookie retention duration varies according to their purpose:

  • Session cookies are deleted when the browser is closed;
  • Persistent cookies may be retained for a limited period (generally between 6 and 24 months), unless you delete them manually earlier.

5.3 Managing your preferences

You have several ways to manage your cookies:

  • Consent banner: during your first visit, you can accept, refuse, or customize your cookie choices;
  • Browser settings: you can configure your browser to block or delete certain cookies;
  • Consent withdrawal: you can modify your preferences at any time by clicking the "Manage my cookies" link at the bottom of our site page (if applicable) or by contacting us directly.

5.4 Limitations in case of refusal

Please note that refusing or deleting certain essential or functional cookies may impact the proper functioning of the site and limit your user experience.

6. Sharing and disclosure of personal information

6.1 General principles

Sourcinc does not sell, rent, or exchange your personal information to third parties. We only share it for purposes provided in this Policy, and only when necessary, legally permitted, or with your explicit consent.

6.2 Sharing with our clients

As part of our recruitment services, we may share your personal information with our clients seeking candidates. For example:

  • We conduct searches on public professional sites (e.g., LinkedIn, Indeed) to identify relevant profiles;
  • We then compile reports that present information made public or voluntarily provided by candidates;
  • We may contact you to confirm your interest in an opportunity before transmitting your information to an employer.

Your personal information will only be communicated to a client with your agreement.

6.3 Sharing with third-party service providers

We use trusted service providers (e.g., hosting, newsletter distribution, analytics tools, collection, credit verification, quality control).

  • These providers receive only the information strictly necessary to perform their mandate;
  • They cannot use your information for purposes other than those agreed upon;
  • They are bound by contractual obligations of confidentiality and security equivalent to those of Sourcinc.

6.4 Disclosures required by law

We may be required to disclose personal information under a legal obligation (e.g., regulation, court decision, warrant, government investigation).

We also reserve the right to report any suspected illegal activity to competent authorities and to disclose certain information in emergencies, when necessary to protect life, safety, or the rights of others.

6.5 Business transactions

In case of merger, acquisition, financing, sale, or business transfer, your personal information may be disclosed to third parties involved in the transaction. In such case:

  • If the transaction is finalized, your information will continue to be protected in accordance with applicable laws;
  • If the transaction fails, we will require the third party to destroy or anonymize the information obtained.

6.6 Other types of sharing

We may disclose your information to any person authorized to act on your behalf (e.g., legal power of attorney or duly authorized representative).

6.7 Restricted access

Only Sourcinc employees and authorized third parties who have a legitimate professional need will have access to your personal information. This access is limited by strict security controls.

7. Retention and storage of personal information

7.1 General retention period

We retain your personal information only to meet the purposes for which it was collected and in accordance with applicable laws.

7.2 Retention criteria

The actual retention period may vary depending on:

  • The time necessary to provide services and operate our activities (e.g., performance, security, financial and commercial record keeping);
  • The type of data concerned (e.g., CV or candidate profile retained until you request their deletion, except applicable legal deadlines);
  • Legal, regulatory, or contractual obligations that require us to retain certain information (e.g., tax deadlines, government investigations, litigation).

7.3 End of retention

When personal information is no longer necessary:

  • It is securely destroyed; or
  • It is de-identified/anonymized so that it can no longer be associated with an identifiable individual.

7.4 Extended retention in case of litigation

In certain situations (e.g., disputes, investigations, audits, specific legal obligations), we may retain your information for an extended period, strictly limited to the relevant purpose.

8. Website and application privacy

8.1 Information you provide directly

When you interact with our website or applications, we may collect the personal information you choose to share with us, particularly when you:

  • Fill out a contact, inquiry, or satisfaction form;
  • Submit an application (CV, professional and academic background);
  • Register for our services or our newsletter;
  • Create or manage a user account (e.g., preferences, pre-authorized payments).

This information is used solely to process your requests, manage the relationship with you, and improve our services.

8.2 Information collected automatically

When you visit our website, we may collect certain technical information through cookies, pixels, and other similar technologies, such as:

  • IP address, browser type, operating system, screen resolution, language, and approximate location;
  • Pages visited, time spent, links clicked, and searches performed;
  • Advertisements viewed or interactions with our content.

This data serves to measure and improve the effectiveness of our website, ensure system security, and personalize your experience.

8.3 Social networks and third-party services

We may collect or receive personal information through your interactions with our pages or profiles on social networks (e.g., LinkedIn, Indeed, Facebook, Instagram, YouTube).

  • This data may include your connections, "likes," comments, groups, and public interactions.
  • In some cases, we may supplement your information with data from public sources or authorized third parties.

We encourage you to review the privacy policies of each platform before sharing your information.

8.4 Analytics and advertising tools

  • Google Analytics: we use this tool to analyze website usage. Data is depersonalized. You can disable Google Analytics via the browser extension offered by Google.
  • Google Ads / Remarketing: we use cookies to display targeted advertisements to previous visitors. You can manage your preferences via Google's ad manager.
  • RB2B: as indicated in section 4, we integrate an RB2B script to identify certain professional visitors and optimize our B2B communications.

8.5 Mobile applications

If you download or use one of our applications, we may require certain data for your authentication and proper application functioning.

  • We may also collect your IP geolocation to restrict access to certain territories.
  • Information collected is limited to what is necessary to provide application functionality and security.

8.6 Your choice and control

You can manage your preferences regarding cookies and targeted advertising:

  • By adjusting your browser settings;
  • By using the consent banner during your first visit;
  • By refusing advertising personalization on relevant platforms.

8.7 Third-party policies

This Policy applies only to the use and disclosure of information by Sourcinc. Third-party sites accessible through our services apply their own privacy policies, which we encourage you to review before providing them with your data.

9. Security of personal information

9.1 Protection measures

Sourcinc implements appropriate physical, organizational, and technological security measures to protect your personal information against:

  • Unauthorized access, use, or disclosure;
  • Loss, theft, or accidental destruction;
  • Unauthorized modifications or alterations.

These measures include:

  • Encryption of transmitted data (e.g., SSL/TLS protocol);
  • Secure storage of information in protected environments limited to authorized persons;
  • Firewalls, intrusion detection systems, and strict access controls;
  • Regular backups and restoration procedures in case of incident.

9.2 Restricted access

Only employees, consultants, subcontractors, or trusted third parties who have a legitimate professional need have access to your personal information.

  • This access is granted in a limited manner and governed by contractual obligations of confidentiality and security.
  • Regular training on data protection is provided to our teams.

9.3 Secure retention

Information is retained only for the necessary duration (see section 7). Upon expiry, it is securely destroyed or anonymized to prevent any re-identification.

9.4 Incident management and notification

In case of a privacy incident likely to result in a serious risk of harm, Sourcinc commits to:

  • Immediately take necessary measures to limit impacts;
  • Maintain a documented record of any incident;
  • Promptly notify the Quebec Commission on Access to Information (CAI), the Privacy Commissioner of Canada (OPC), or any other competent authority;
  • Inform concerned persons when the incident presents a risk of serious harm.

9.5 Ongoing responsibility

Personal information security is an ongoing process. We regularly review and update our security policies, practices, and systems to account for:

  • Technological developments;
  • New cybersecurity threats;
  • Applicable legislative changes.

10. Personal information stored or processed outside Canada and France

10.1 Storage and processing

Your personal information may be stored and processed:

  • In Canada and France, where Sourcinc maintains its main operations and infrastructure;
  • In other jurisdictions where our service providers, subsidiaries, or trusted partners have facilities.

Generally, we choose storage locations that favor:

  • Operational efficiency and service performance;
  • Redundancy and resilience;
  • Compliance with applicable data protection laws.

10.2 Contractual guarantees

When personal information is transferred to another country, it may be subject to local laws and accessible to competent government authorities.

Sourcinc takes measures to ensure that your data benefits from an equivalent level of protection, particularly by contractually imposing strict standards of confidentiality, security, and protection on our providers.

10.3 Notification in case of sensitive transfer

When required by law, we will inform you in advance if your personal information must be transferred to a jurisdiction with a different level of protection, and we will collect your consent when required.

11. Your rights

11.1 Access and rectification

You have the right to ask if we hold personal information about you and, if so:

  • To obtain a copy of this information;
  • To request its rectification if it is incomplete, inaccurate, or outdated.

11.2 Right to deletion ("right to be forgotten")

You may request the deletion of your personal information when:

  • It is no longer necessary for the intended purposes;
  • You withdraw your consent and no other legal basis justifies its retention;
  • Its processing is unlawful.

11.3 Withdrawal of consent

You may withdraw your consent to the use of your personal information, in whole or in part, subject to applicable legal or contractual restrictions.

11.4 Right to portability

You may request that your personal information be communicated to you in a structured, machine-readable format, or that it be transferred directly to another organization, when technically possible.

11.5 Limitation and objection

You may request:

  • That we limit the processing of your information (e.g., during verification of its accuracy);
  • To object to the processing of your data for prospecting, marketing, or profiling purposes.

11.6 Automated decisions

If we use an automated decision-making process producing significant legal effects concerning you, you have the right:

  • To obtain information about the logic behind this decision;
  • To request human intervention;
  • To challenge the decision.

11.7 Complaint to an authority

You may file a complaint with:

  • The Quebec Commission on Access to Information (CAI);
  • The Privacy Commissioner of Canada (OPC);
  • The competent supervisory authority in your country of residence (EEA or Switzerland).

11.8 Exercising your rights

To exercise your rights, please contact us at the coordinates indicated in section 12. We will process your requests within the deadlines provided by law and may ask you to confirm your identity before responding.

12. Personal information protection officer and contact information

12.1 Responsible person

Sourcinc has designated a personal information protection officer (also called Data Protection Officer – "DPO").
She ensures Sourcinc's compliance with data protection laws and the application of this Policy.

12.2 How to contact us

For any questions, concerns, complaints, or requests related to this Policy or the exercise of your rights, you can contact us:

Email: privacy@sourcinc.com

Postal addresses:

Sourcinc Canada

60 Saint-Jacques Street, suite 100
Montreal, Quebec, H2Y 1L5
Canada

12.3 Processing deadlines

We will respond to your requests within the deadlines provided by law. In some cases, we may ask you for additional information to confirm your identity.

13. Additional terms for users located in the European Economic Area (EEA) and Switzerland

Last updated: September 10, 2025

If you are located in the EEA or Switzerland, the following provisions apply in addition to this Policy. In case of contradiction, the provisions of this section will prevail.

13.1 Legal bases for processing

We only process your personal information if we have a legal basis provided by the GDPR, including:

  • Consent: when you have given us your explicit agreement for a specific processing;
  • Contract: when processing is necessary for the performance of a contract concluded with you or to take pre-contractual measures at your request;
  • Legal obligation: when processing is required to comply with EU, Swiss, or Member State law;
  • Legitimate interests: when processing is necessary to pursue our legitimate interests (e.g., fraud prevention, IT security, service improvement, customer and business relationship management), provided that your fundamental rights and freedoms do not override them.

For any questions regarding the legal basis underlying processing, you can contact our Personal Information Protection Officer (see section 12).

13.2 Transfer of your personal information outside the EEA or Switzerland

Your personal information may be transferred and processed outside your country of residence, particularly to Canada (where Sourcinc is established) and, in some cases, to the United States or other countries where our service providers are located.

We implement appropriate legal mechanisms to ensure an adequate level of protection, for example:

  • Standard contractual clauses approved by the European Commission;
  • Assessment of compliance and security of our providers;
  • Additional technical and organizational security measures.

13.3 Additional rights

In addition to the rights described in section 11, you have, under the GDPR, the following rights:

  • Restrict the processing of your data when you contest their accuracy, their unlawful processing, or the necessity of their retention;
  • Object at any time to the processing of your data based on our legitimate interests, except for compelling reasons on our part;
  • Request the deletion of your data, except for exceptions provided by law;
  • Request the portability of your data, i.e., obtain a copy of your information in a machine-readable format or request their transfer to a third party.

13.4 Exercise of rights and complaints

To exercise your rights, you can contact our Personal Information Protection Officer at: privacy@sourcinc.com.
If you believe your rights are not being respected, you can also file a complaint with the competent data protection authority, including:

  • The National Commission on Informatics and Liberty (CNIL) in France;
  • The supervisory authority of your country of residence in the EEA;
  • The Federal Data Protection and Information Commissioner (FDPIC) in Switzerland.

14. Policy updates and effective date

14.1 Updates

Sourcinc reserves the right to modify this Privacy Policy to reflect:

  • Changes in our internal practices;
  • Applicable legislative or regulatory changes (e.g., Bill 25, PIPEDA, GDPR);
  • New technologies or solutions we deploy.

Any update will be published on our website and the date of the last revision will appear at the top of this page.

14.2 Notification of significant changes

In case of substantial modifications that would affect your rights or how we process your personal information, we will inform you directly (for example via email or notification in your account) and, when required, we will seek your consent again.

14.3 Effective date

This Policy takes effect as of September 10, 2025 and replaces any previous version.