Privacy Policy

What we collect, why we collect it, and what rights you have over it.

Effective April 2026 · Last updated 20 April 2026

This Privacy Policy describes how Elite Consultation Services Inc. ("Elite Consultation," "we," "us," or "our") collects, uses, discloses, and protects personal information in connection with the website eliteconsultation.ca (the "Website") and our consulting, training, and speaking services. This Policy is designed to comply with the Act respecting the protection of personal information in the private sector (Quebec Law 25), the Personal Information Protection and Electronic Documents Act (PIPEDA), and applicable international privacy standards.

1. About us

Elite Consultation Services Inc. is a Quebec corporation headquartered at 2215 Halpern Street, Montreal, Quebec H4S 1S3, Canada. We provide AI adoption consulting, corporate training, and speaking services to organizations across Quebec, Canada, and internationally.

For the purposes of Quebec Law 25, Elite Consultation is the person carrying on the enterprise responsible for the protection of personal information.

2. Privacy Officer

Mael Houck, Founder, serves as our designated Privacy Officer and is responsible for personal information protection across the enterprise.

Contact the Privacy Officer
  • Email: info@eliteconsultation.ca
  • Phone: (514) 427-2711
  • Mail: Privacy Officer, Elite Consultation Services Inc., 2215 Halpern Street, Montreal, Quebec H4S 1S3, Canada

The Privacy Officer oversees our privacy program, reviews personal information handling practices, responds to access and correction requests, and manages privacy incidents.

3. Information we collect

We collect personal information directly from you when you interact with our Website or engage our services. We limit collection to what is necessary for the purposes described in Section 4.

Information you provide directly
  • Contact form: name, email, organization, role (optional), interest area, and the content of your message.
  • Booking: name, email, and any information you enter while scheduling a discovery call through our scheduling tool.
  • Consulting, training, and speaking engagements: contact details for the client’s point of contact, any participant names and emails the client shares for program delivery, invoicing information, and the content of our professional communications.
  • Meetings: when you consent to meeting recording, audio and/or transcript of the meeting (see Section 5).
Information collected automatically
  • Technical data: IP address, browser type, device type, operating system, referring URL, and pages viewed.
  • Analytics events: pageviews, scroll depth, and click events on interactive elements — collected only if you grant analytics consent through the cookie banner.
  • Error monitoring: when errors occur, our error monitoring system captures a stack trace and technical context to help us diagnose issues. IP addresses are masked where feasible.
Sensitive information
  • We do not knowingly collect health, financial account, government identifier, biometric, or other sensitive personal information through the Website. Clients who share such information during professional engagements are asked to avoid doing so unless strictly necessary for the mandate.

4. Purposes and legal basis

We collect and use personal information for the following purposes:

Purposes
  • Respond to inquiries submitted through the contact form and schedule discovery calls.
  • Deliver consulting, training, and speaking engagements that you or your organization have retained us to provide.
  • Operate, maintain, and secure the Website and related systems.
  • Understand how visitors use the Website so we can improve content and navigation (only with analytics consent).
  • Comply with legal, regulatory, tax, and audit obligations.
  • Detect, prevent, and investigate fraud, abuse, or security incidents.
  • Send transactional communications (replies, meeting confirmations, invoices, and service-related notices).

Our legal basis under Quebec Law 25 and PIPEDA is your consent, the performance of a contract to which you are a party or at your request, or a legitimate interest that does not override your rights (for example, preventing abuse of the Website).

We will not use your personal information for a materially different secondary purpose without notifying you and, where required, obtaining your consent.

5. Use of artificial intelligence and transcription tools

In the course of service delivery and internal operations, we use AI assistants (large language models provided by established third-party vendors) for tasks such as drafting, summarizing, and analytical assistance. Our agreements with these vendors provide that inputs and outputs are not used to train their models by default.

With the prior explicit consent of all participants, we may also use meeting transcription tools during client engagements. Where such tools are used, the arrangement is documented in the Service Agreement.

We do not use AI to make automated decisions that produce legal or significant effects on you without human review. Where AI assists in drafting client deliverables, a human reviews and validates the output before delivery.

You may request that your personal information be excluded from AI processing at any time by contacting the Privacy Officer.

6. Cookies and similar technologies

The Website uses cookies and similar technologies. A cookie banner appears on first visit and lets you grant or withhold consent for non-essential cookies. You can change your preferences at any time via the "Cookie preferences" link in the footer.

Categories
  • Strictly necessary — required for the Website to function (e.g., remembering your language preference and consent state). These cookies are set without consent because the Website cannot operate without them.
  • Functional — enhance user experience (e.g., remembering interactions). Set only after consent.
  • Analytics — help us understand how visitors use the Website. Provided by a privacy-forward analytics tool hosted in the European Union. Set only after consent. IP addresses are anonymized where supported.
  • Marketing — not currently used by default. If we introduce marketing cookies in the future, we will update this Policy and request consent before activation.

Withdrawing consent does not affect processing performed before withdrawal but stops future processing of that category.

7. Categories of service providers

We engage trusted service providers to operate the Website and deliver our services. Each provider is contractually bound to process personal information only for the purposes we specify and to maintain appropriate security safeguards.

Categories
  • Website infrastructure — hosting, content delivery, and network security (providers located in Canada, the United States, and the European Union).
  • Transactional email — delivery of replies, meeting confirmations, and service-related notices (provider located in the United States).
  • Customer relationship management — storage of contact form submissions and engagement history (provider located in the United States).
  • Meeting scheduling — handling of discovery call bookings (provider located in the United States).
  • Analytics — understanding Website usage, only with your consent (provider located in the European Union).
  • Error and performance monitoring — technical diagnostics to maintain service quality (provider located in the European Union).
  • Professional operations — email, document storage, AI-assisted drafting, workflow automation, meeting transcription (with consent), and payment processing used in the course of client engagements.

The specific identity of our material service providers, along with the relevant safeguards, is available from the Privacy Officer on request and, for client engagements, is documented in the applicable Service Agreement.

8. Cross-border transfers

Some of our service providers are located outside Quebec, including in Canada, the United States, and the European Union. When personal information is transferred outside Quebec, we assess whether the personal information will receive protection equivalent to what it would receive here and rely on contractual safeguards (including data processing agreements and, where applicable, standard contractual clauses).

By submitting personal information to us or using our services, you consent to such transfers. You may contact the Privacy Officer for additional information about the safeguards in place for a specific transfer.

9. Data retention

We retain personal information only as long as necessary for the purposes described in Section 4, to comply with legal obligations, or to resolve disputes.

Indicative retention periods
  • Contact form submissions and associated CRM records: up to 24 months after the last meaningful interaction, unless you become a client or a longer period is required for the engagement.
  • Client engagement records (contracts, deliverables, invoices, correspondence): for the duration of the engagement and for the periods required by Quebec tax and corporate law (typically 6 years), and by professional obligations where applicable.
  • Meeting recordings and transcripts: deleted at the end of the engagement unless a longer retention is agreed in writing.
  • Website analytics data: retained for up to 24 months at the event level; aggregated metrics may be kept longer.
  • Error and security logs: typically 90 days, longer where a specific investigation requires it.
  • Email transactional logs: in accordance with the provider’s defaults (typically 30 days), plus whatever Elite Consultation retains in its own records.

At the end of the applicable retention period, personal information is securely deleted or anonymized.

10. Your rights

Under Quebec Law 25 and PIPEDA, you have the following rights with respect to your personal information:

Rights
  • Right of access — obtain confirmation of whether we hold personal information about you and obtain a copy.
  • Right of rectification — request the correction of inaccurate, incomplete, or ambiguous information.
  • Right to withdraw consent — withdraw consent to processing (including analytics) at any time. Withdrawal does not affect processing performed before withdrawal.
  • Right to deletion (de-indexing and cessation of dissemination) — in the circumstances prescribed by Quebec Law 25, request that we stop disseminating or de-index information about you, or request deletion.
  • Right to data portability — where supported, receive personal information in a structured, commonly used, technological format.
  • Right concerning automated decision-making — if we make a decision about you based exclusively on automated processing, you have the right to be informed and to submit observations for human review.
  • Right to be informed of a confidentiality incident — we will notify you and the Commission d’accès à l’information where a confidentiality incident presents a risk of serious injury.

To exercise these rights, contact the Privacy Officer (Section 2). We will respond within 30 days. If we cannot honour a request, we will explain why and inform you of your recourses.

Filing a complaint
  • Quebec — Commission d’accès à l’information du Québec (CAI): cai.gouv.qc.ca · Québec City: 418-528-7741 · Montreal: 514-873-4196.
  • Canada (federal) — Office of the Privacy Commissioner of Canada (OPC): priv.gc.ca · 1-800-282-1376.

11. Security safeguards

We implement administrative, physical, and technical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, loss, or destruction. Measures include:

Safeguards
  • Encryption in transit (TLS) for all Website traffic and API connections with service providers.
  • Encryption at rest for hosted data where supported by the provider.
  • Role-based access control on internal systems; administrator access restricted to the Privacy Officer.
  • Multi-factor authentication on all administrator accounts and all integrated SaaS platforms that support it.
  • Hardware-backed credential management and password hygiene controls.
  • Regular review of service provider security posture.
  • Background practices: screen locks, device-level disk encryption, separation of client and personal data environments.

No security control can be absolute. If you suspect your personal information has been compromised, contact the Privacy Officer without delay.

12. Privacy incident management

Elite Consultation maintains a confidentiality incident register and a response procedure aligned with Quebec Law 25 requirements.

In the event of an incident
  • We assess the nature, sensitivity, volume, and context of the information involved, and the identifiable risk of serious injury.
  • We take reasonable steps to reduce the risk of injury and prevent further incidents.
  • Where the incident presents a risk of serious injury, we notify the Commission d’accès à l’information du Québec and the affected individuals without delay.
  • We record the incident in our register, including the date, the nature of the information, the measures taken, and the notifications made.

13. Children’s privacy

The Website and our services are directed at professionals and organizations. They are not intended for children under the age of 14. We do not knowingly collect personal information from children under 14. If you believe we have collected information from a child, contact the Privacy Officer and we will delete it promptly.

14. Changes to this Policy

We may update this Policy from time to time to reflect changes in our practices, service providers, or legal obligations. When we do, we update the "Last updated" date above and publish the revised Policy on the Website. Material changes will be announced on the home page for at least two weeks before they take effect.

15. Contact

For questions about this Policy, to exercise your rights, or to raise a concern, contact our Privacy Officer:

Mael Houck, Privacy Officer

Elite Consultation Services Inc.

2215 Halpern Street

Montreal, Quebec H4S 1S3, Canada

Email: info@eliteconsultation.ca

Phone: (514) 427-2711

Have a question about how your data is handled?

Ask us