Privacy Policy

 

KAIRA TECHNOLOGIES INC. 

PRIVACY POLICY 

Protecting your privacy is important to Kaira Technologies Inc. (“Kaira” or “we”). That is why we take the privacy of our users’ personal information and compliance with applicable laws very seriously. 

The purpose of this Privacy Policy (the “Policy”) is to explain and describe how we collect, use, and disclose your personal information. The Policy is designed to comply with Quebec and Canadian privacy laws, as well as the General Data Protection Regulation (“GDPR”) applicable to individuals in the European Union (“EU”). 

  1. Scope of Policy 

The Policy applies to personal information in our possession or control, including information collected when using the Kaira mobile application or when browsing the Kaira website (the  “Web Services”). The Policy also applies to information we receive from third parties about you while providing our services. 

  1. Acceptance 

The use of the Web Services is also subject to compliance with our Terms and Conditions, which are available on the Kaira mobile application. By accessing our Web Services, you agree to be bound by the terms and conditions contained in the Policy. If you do not agree to be bound by these terms and conditions, please do not access or use our Web Services. 

  1. Modifications to the Policy 

We occasionally update this Policy and reserve the right to change the content of this Policy at any time. Any changes made will appear on our website and in our application. The date of the latest version of this Policy appears at the bottom of the page. We recommend that you print a copy of this Policy for your records and review this section of our Web Services periodically. 

  1. Consent 

Kaira acknowledges that your consent to the collection, use, and disclosure of your personal information must be manifest, free, and informed. Your consent must be given for specific purposes. Depending on the nature and sensitivity of the personal information, your consent may be express (such consent may be given orally, in writing, or electronically) or implied (for example, when you voluntarily provide us with personal information). Generally, Kaira will seek your consent at the time of collection, except where we are required or otherwise permitted by law.

Policy updated on December 20, 2024. 

Your consent can be withdrawn at any time, subject to applicable legal restrictions and reasonable notice. Please note that if you choose to withdraw your consent to the collection,  use, or disclosure of your personal information, our Web Services may no longer be available to you, and Kaira may no longer be able to provide certain services to you. 

  1. Collection of your personal information 

Kaira collects only the personal information about you that is necessary for establishing, managing, and maintaining its relationship with you. 

For example, and without limitation, personal information may be collected when you submit information via our Web Services, register for access to your online account, sign up to receive our newsletter, or participate in other interactive online activities. Personal information collected may include, but is not limited to, identification information, such as your first and last name,  date of birth, employer, complete home address, telephone number, e-mail address, and  Internet Protocol (commonly called “IP address”). 

Information that does not identify you personally, such as information about your professional status, family situation, dreams, and plans, may also be collected to enable us to provide you with personalized services. 

  1. Collection of personal information through third parties 

Generally, we obtain information directly from you. However, we may also collect personal information about you from outside sources, with your consent or without your consent, if permitted by law. 

To provide services related to your financial health, Kaira will also collect financial information that you have authorized it to collect directly from your financial institutions. This financial information, which may include, but is not limited to, your salary, assets, liabilities,  transactions, loans, credit cards, mortgage,s and other obligations, will be updated automatically to enable us to provide our personalized financial coaching services (daily or such other frequency as may be required to provide our services). 

  1. Use of your personal information 

The purposes for which Kaira collects your personal information are determined before or at the time of collection. Kaira may use your personal information for the following purposes: 

  • identify you as a user of our Web Services and allow you to access your account;2 

Policy updated on December 20, 2024. 

  • provide you with personalized financial coaching; 
  • help you maintain good financial health and develop your financial literacy; ● establish and maintain our business relationship; 
  • improve our service offerings, including the use of Web Services or any other online  service, and to support our research and development; 
  • communicate with you when you submit questions, comments, and suggestions; ● provide you with information about our financial services and products that may be of  interest to you; 
  • prevent error and fraud; 
  • meet legal requirements. 

Kaira may also use your personal information to compile statistics. However, these statistics do not identify you and have been de-identified. Your personal information will not be used for purposes other than those described above, except with your consent, or as required or permitted by law. 

  1. Automated decision making 

Your personal information may be used by Kaira to make automated decisions about services that may be of interest or relevance to you. This automated decision-making will have no legal or juridical effect on you. It is intended to automatically generate recommendations based on  

your personal and financial information. Upon request, Kaira will provide you with information on the functioning of this automated system. 

  1. Communication of your personal information to third parties in Québec 

Kaira recognizes that, except as described below or as permitted by law, the communication of our personal information to third parties requires your consent. 

Access to your personal information within our company does not require your consent.  However, it is strictly limited to those individuals for whom such information is necessary to carry out their duties and responsibilities. 

Kaira may share your personal information, without your consent, with its agents, service providers, or consultants who require such information in connection with Kaira’s business or to assist Kaira in administering its Web Services. Such agents, service providers, and consultants will contractually guarantee that they will use your personal information exclusively to provide specific services and that they will keep it confidential in accordance with this Policy. 

If your employer has provided you with free access to Kaira, we may share with them statistics compiled from your personal information. However, these statistics will not identify you and will have been de-identified. Kaira is committed to de-identifying your personal information and adopting statistical best practices to ensure that your employer cannot identify you.

Policy updated on December 20, 2024. 

Kaira may also, without your consent, disclose your personal information, where permitted or required by law, for example, to prevent fraud or serious physical harm to any person.  Whenever Kaira is required to disclose your personal information, Kaira will endeavor to disclose no more information than is required under the circumstances. 

  1. Disclosure of your personal information outside the province in which you ordinarily  reside 

Kaira may from time to time disclose your information outside of the province in which you normally reside (to another province) as part of the performance of a service or business contract, such as for hosting or data processing. Where applicable, we will take all appropriate measures to ensure that the third-party service provider will protect your personal information with the same standards of protection as Kaira and that your personal information will not be used for purposes other than those permitted by the collection or by law. If we disclose sensitive personal information about you outside of Canada, we will obtain your express consent. You have the right to know, upon request, to whom your personal information is disclosed and the circumstances leading up to the disclosure, and contact information for making such a request is provided in section 15 of the Policy. 

  1. Cookies 

Your use of the Web Services allows Kaira to automatically compile certain information about your user profile, which may include the Internet Protocol address (or IP address) of your omputer, your geolocation area, the operating system you are using, the identity of your  Internet Service Provider, the date and time you access this website, the previous website you visited that provided you with a link to our website, and the content viewed and downloaded from our website. 

To do this, our website, like most websites, uses cookies, which are small data files that are stored on your computer when you visit it. Kaira and its service providers use this information to tailor the website to your preferences and to compile statistics about website visits and usage in order to improve the website. 

As with most Internet browsers, it is possible to erase cookies from your computer’s hard drive,  block the creation of cookies, or receive a warning before a cookie is stored. However, doing so may affect your use of our Web Services, and you may not have access to all of its features. We encourage you to visit the Ads Settings and Network Advertising Initiative sites and your browser’s instructions or help section for more information about cookies. 

  1. Security safeguards

Policy updated on December 20, 2024. 

Kaira put in place a series of security safeguards to protect your personal information against loss or theft, as well as unauthorized access, disclosure, copying, use, and modification,  considering, among other things, the sensitivity of the information and the purposes for which it is used. 

These security measures include:

  • physical measures (e.g., office access cards for employees, registration of visitors,  backup and archiving of data using an external system, etc.) ; 
  • administrative or organizational measures (e.g., restricting access to what is strictly necessary, restricting changes based on the principle of least privilege); and 
  • technological measures (such as de-identifying your personal information, using passwords, using a firewall, encrypting data, using SSL protocol, etc.) that are reasonable in light of the sensitivity of the information, its use, amount, distribution, and medium. 

Kaira also applies necessary measures to ensure that all of its employees are informed about the contents of the Policy and are aware of its privacy practices. 

However, since no mechanism provides flawless security, a residual risk remains. It is your responsibility, if you create an account on our Web Services, to keep your password confidential and to change it regularly, including the usage of Authentication factors (2FA). 

If a security incident involving personal information occurs, Kaira will, where required by law,  disclose to the Commission d’accès à l’information du Québec, to the Office of the Privacy  Commissioner of Canada, and to affected individuals the occurrence of such incident, and we will take steps to minimize the impact of the security incident on affected individuals. Kaira will also investigate the security incident and adopt methods to reduce the risk of a similar nature or similar type of security incident occurring again. Kaira maintains a record of all security incidents involving personal information and, upon request and where required by law, will make such record available to the appropriate privacy authorities. 

  1. Accuracy 

Kaira recognizes that it is important to keep personal information accurate, complete, and up-to-date, and takes reasonable steps to ensure the accuracy and completeness of the information it uses or discloses. However, you are responsible for informing Kaira of any significant changes to your personal information that may occur and for ensuring that all personal information in your account is accurate.

Policy updated on December 20, 2024. 

It is also your responsibility to keep your information up to date with your financial institution, given the daily communication of information between your financial institution and Kaira. If you notice that your financial information needs to be corrected, we ask that you make the changes with your financial institution immediately. 

Kaira retains your personal information only as long as necessary to fulfill the purpose for which it was collected, to meet legal retention requirements, and as long as necessary to protect its legitimate business interests. 

  1. Processing of personal information of persons within the European Economic Area  (EEA) and/or EU 

Kaira complies with the provisions of the GDPR, where applicable. Section 14 of the Policy applies exclusively to the processing of personal information in connection with the EEA and the  EU, insofar as such processing takes place while the people involved are in the EU or EEA and here the processing activities relate to the provision of goods or services or the monitoring of a person’s conduct, insofar as it involves conduct occurring within the EEA or EU. In case of conflict between this section 14 and the rest of the Policy, the provisions of this section shall prevail, only where the processing takes place while the people involved are in the EU or EEA  and where the processing activities relate to the provision of goods or services or the monitoring of the behavior of those persons, to the extent that it is conduct taking place within the EEA or  EU. 

14.1 Consent – If your consent is provided in a written statement that addresses other matters,  Kaira will ensure that the request for consent to process your personal information is separated. 

14.2 Collection, Retention, and Use of Personal Information – Kaira will not retain personal information longer than is necessary to fulfill the purposes for which it was collected, and Kaira will take reasonable steps to indicate in advance the duration for which that personal information may be retained or the criteria for determining said duration. 

14.3 Automated Individual Decision Making – Kaira recognizes that you have the right to know whether your personal information is processed by an automated decision-making system.  Upon request, Kaira will provide you with information on the functioning of this automated system. Unless required or permitted by law, you have the right to refuse to allow a decision based solely on an automated system to be made about you, where that decision has legal consequences for you.

Policy updated on December 20, 2024. 

14.4 Privacy Impact Assessment – Kaira will conduct a privacy impact analysis before implementing new technologies that are highly likely to infringe on your rights and freedoms,  including your right to privacy. 

14.5 Right to Erasure – Where permitted by law, you have the right to request Kaira to remove d erase personal information without unreasonable delay. 

14.6 Accuracy and protection – Kaira will implement appropriate technical and organizational measures to protect personal information prior to its collection. 

Kaira will only share personal information with outside agents, mandataries, consultants, data processors, or service providers when they assure Kaira that appropriate measures are in place to protect personal information. 

14.7 Liability – Kaira acknowledges that it is responsible for the protection of personal information and can demonstrate its compliance with the GDPR when processing personal information. 

14.8 Complaint procedure, right of access or rectification – Kaira takes all necessary measures to facilitate the exercise of your right to access, your right to rectification, or your right to obtain your personal information. You can always obtain confirmation from us that personal information is being processed. Any rectification or deletion of your personal information will be communicated to third parties to whom the information has been disclosed. 

  1. Access and rectification requests 

All questions or concerns regarding this Policy or about the collection, use, and disclosure of  your personal information, including requests for access or rectification, should be made in  writing to the following contact person: 

KAIRA TECHNOLOGIES INC. 

Chief Financial Officer 

4, Place Ville Marie 

Montréal (Québec) H3B 3Y1 

Email: mario.vachon@kaira.ai 

You have the right to request access to your personal information held by Kaira. You also have the right to obtain confirmation that we hold personal information about you. We will provide you with your personal information, when collected electronically, in a structured, commonly used technological format. You may also request that your personal information be corrected if it is inaccurate, incomplete, or misleading, or if its collection, disclosure, or retention is not permitted by law.

Policy updated on December 20, 2024. 

Kaira will respond to any request for access or correction within 30 days of receiving the written request. In the event of a refusal to provide or correct information, Kaira will inform you of the reasons for the refusal and the sections of the applicable law that support the refusal, subject to the limitations of the law, and inform you of your recourse. 

If Kaira refuses to correct your personal information, we will allow you to provide written comments to your file regarding the personal information that was refused correction. Kaira will also retain the personal information that has been the subject of an access request for as long as necessary to allow you to exhaust any recourse provided by law. 

For more information about your privacy and your rights, you may contact the following law  enforcement authorities: 

  • In Canada: Office of the Privacy Commissioner of Canada www.priv.gc.ca
  • In the European Union: National Commission on Informatics and Liberty www.cnil.fr

Policy updated on December 20, 2024.