Law 25 · Personal information protection

Privacy policy.

Last updated: April 21, 2026

1. Company identification

Arteco Solutions is a digital agency specialized in custom web application development and premium showcase websites, established in Quebec, Canada.

Personal information protection officer:
Krystina Faucher
Email: info@artecosolutions.com

2. Personal information collected

We only collect the following personal information when you use our contact form:

  • Full name — to identify you and personalize our response
  • Email address — to communicate with you and respond to your request
  • Phone number — to reach you if needed
  • Subject and message — to understand your request
  • IP address — for security and fraud prevention purposes (hashed for analytics)
  • Technical information (browser, device, language) — to improve our site

3. Purposes of collection

Your personal information is collected for the following purposes:

  • Respond to your inquiries
  • Communicate with you about our services
  • Ensure the security of our website
  • Comply with our legal obligations

4. Legal basis for processing

We process your personal information based on:

  • Your consent — given explicitly via the contact form
  • Legitimate interests — site security and fraud prevention

5. Communication to third parties

Your personal information may be communicated to the following third parties:

5.1 Email service

Amazon Web Services (AWS SES) — SMTP service provider

  • Information shared: name, email, phone, subject, message
  • Purpose: secure email transmission
  • Privacy policy: aws.amazon.com/privacy

5.2 Web hosting

Dedicated VPS — hosting server

  • Information accessible: technical data (server logs, IP address)
  • Purpose: hosting and operation of the website
  • Server location: Canada

6. Transfer of information outside Canada

Some of your personal information may be transferred and processed outside Canada by our service providers:

  • AWS SES (email): United States (primary region us-east-1)

These transfers are carried out in accordance with Law 25. We ensure that these providers offer a level of personal information protection equivalent to that provided by Quebec law, notably through:

  • Contractual agreements imposing confidentiality obligations
  • Adequate technical and organizational security measures
  • Compliance with internationally recognized security standards

7. Retention period

Your personal information is retained according to the following durations:

  • Contact form messages: 6 months maximum, then secure deletion
  • Session cookies (PHPSESSID): until browser closure
  • Rate limiting data: 10 minutes maximum
  • Analytics data (PFA): hashed with a daily salt renewed every 90 days, no raw IP address retained

After these periods, your information is deleted securely.

8. Your rights

In accordance with Law 25, you have the following rights:

  • Right of access — consult your personal information
  • Right of rectification — correct your information
  • Right to deletion — request the erasure of your data
  • Right to portability — receive your data in a structured format
  • Right to withdraw consent — withdraw your consent at any time

To exercise these rights, contact us at info@artecosolutions.com.

We will respond to your request within 30 days.

9. Protection of minors

Our site and services are not intended for persons under 14 years of age. We do not knowingly collect personal information from minors under 14.

If we learn that we have collected personal information from a minor under 14 without the required parental consent, we will take the necessary measures to delete this information as soon as possible.

10. Confidentiality incident

In accordance with Law 25, in the event of a confidentiality incident involving your personal information (unauthorized access, loss, theft, or unauthorized communication), we commit to:

  • Take reasonable measures to reduce the risk of harm and prevent new incidents of the same nature
  • Notify the Commission d'accès à l'information du Québec (CAI) if the incident presents a serious risk of harm
  • Notify affected individuals if the incident presents a serious risk of harm
  • Maintain a register of confidentiality incidents

Notification will be made as soon as possible and will contain the description of the information involved, the circumstances of the incident, and the measures taken to reduce its consequences.

11. Data security

We implement the following security measures to protect your personal information:

  • Encrypted transmission via HTTPS (TLS 1.3)
  • Validation and sanitization of all user inputs
  • Anti-spam protection (honeypot, rate limiting, CSRF)
  • Self-hosted web fonts (no data sent to Google Fonts)
  • Restricted access to personal information (strong password authentication, brute-force protection)
  • Secure servers with firewall and regular updates

12. Cookies and similar technologies

Our site uses the following cookies:

12.1 Essential cookies

  • PHPSESSID — PHP session cookie
    • Purpose: form anti-spam protection (CSRF token, rate limiting)
    • Duration: until browser closure
    • Type: first-party cookie

No advertising tracking cookies are used on this site. No language cookie is set: the FR/EN version is served according to your manual choice or your Accept-Language header on first visit.

13. Policy changes

We reserve the right to modify this privacy policy at any time. Any modification will be published on this page with a new update date.

We encourage you to consult this page regularly to stay informed about our personal information protection practices.

14. Complaint to the CAI

If you believe that your rights regarding the protection of personal information are not being respected, you have the right to file a complaint with the Commission d'accès à l'information du Québec (CAI):

Commission d'accès à l'information
Phone: 1 888 528-7741
Website: cai.gouv.qc.ca