Arteco Solutions is a digital agency specialized in custom software development, websites and management applications for SMEs, established in Quebec, Canada.
We only collect the following personal information when you use our contact form:
Full name — to identify you and personalize our response
Email address — to communicate with you and respond to your request
Phone number — to reach you if needed
Subject and message — to understand your request
IP address — used temporarily for security purposes (form rate limiting, max 10 minutes). Never stored raw: hashed immediately with a daily salt for analytics
Technical information (browser, device, language) — to improve our site
3. Purposes of collection
Your personal information is collected for the following purposes:
Respond to your inquiries
Communicate with you about our services
Ensure the security of our website
Comply with our legal obligations
4. Legal basis for processing
We process your personal information based on:
Your consent — given explicitly via the contact form
Legitimate interests — site security and fraud prevention
5. Communication to third parties
Your personal information may be communicated to the following third parties:
5.1 Email service
Amazon Web Services (AWS Simple Email Service) — SMTP service provider, ca-central-1 region (Montréal/Calgary)
Information shared: name, email, phone, subject, message
Purpose: secure transmission of contact form emails
Information accessible: technical data (server logs, IP address)
Purpose: hosting and operation of the website
Server location: Canada
6. Transfer of information outside Canada
All of your personal information is processed and stored in Canada:
Web hosting: servers located in Canada
Email service (AWS SES): ca-central-1 region (Montréal/Calgary)
No personal information is transferred outside Canada in the course of normal site operation. If such a situation were to occur in the future, it would be announced in this policy in advance and handled in accordance with Law 25.
7. Retention period
Your personal information is retained according to the following durations:
Contact form messages: 6 months maximum, then secure deletion
Session cookies (PHPSESSID): until browser closure
Rate limiting data: 10 minutes maximum
Analytics data (PFA): hashed with a fresh cryptographic salt generated every day (old salts are purged after 90 days). No raw IP address is ever retained
After these periods, your information is deleted securely.
8. Your rights
In accordance with Law 25, you have the following rights:
Right of access — consult your personal information
Right of rectification — correct your information
Right to deletion — request the erasure of your data
Right to portability — receive your data in a structured format
Right to withdraw consent — withdraw your consent at any time
Our site and services are not intended for persons under 14 years of age. We do not knowingly collect personal information from minors under 14.
If we learn that we have collected personal information from a minor under 14 without the required parental consent, we will take the necessary measures to delete this information as soon as possible.
10. Confidentiality incident
In accordance with Law 25, in the event of a confidentiality incident involving your personal information (unauthorized access, loss, theft, or unauthorized communication), we commit to:
Take reasonable measures to reduce the risk of harm and prevent new incidents of the same nature
Notify the Commission d'accès à l'information du Québec (CAI) if the incident presents a serious risk of harm
Notify affected individuals if the incident presents a serious risk of harm
Maintain a register of confidentiality incidents
Notification will be made as soon as possible and will contain the description of the information involved, the circumstances of the incident, and the measures taken to reduce its consequences.
11. Data security
We implement the following security measures to protect your personal information:
No external fonts loaded — the site uses your browser's system fonts (no data sent to Google Fonts or other third parties)
Restricted access to personal information (strong password authentication, brute-force protection)
Secure servers with firewall and regular updates
12. Cookies and similar technologies
Our site uses the following cookies:
12.1 Essential cookies
PHPSESSID — PHP session cookie
Purpose: form anti-spam protection (CSRF token, rate limiting)
Duration: until browser closure
Type: first-party cookie
lang — language preference
Purpose: remember your language choice (FR or EN) to avoid repeated automatic redirects
Set: by JavaScript on first click of the language switcher, or during automatic redirect based on your browser language
Duration: 1 year
Type: first-party functional cookie
No advertising tracking cookies are used on this site. Both cookies are strictly necessary for the service to function (anti-spam and interface preference) — exempt from explicit consent under Quebec's Law 25.
13. Policy changes
We reserve the right to modify this privacy policy at any time. Any modification will be published on this page with a new update date.
We encourage you to consult this page regularly to stay informed about our personal information protection practices.
14. Complaint to the CAI
If you believe that your rights regarding the protection of personal information are not being respected, you have the right to file a complaint with the Commission d'accès à l'information du Québec (CAI):
