_cropped.png?width=188&height=97&name=Logo%20Transparent%20(white%20writing)_cropped.png "Logo Transparent (white writing)_cropped")
PRIVACY POLICY
Sterling North Partners Inc.
Effective date: 2026-04-28
Version: 2.1
This Privacy Policy describes how Sterling North Partners ("SNP", "we", "us", or "our") collects, uses, discloses and protects personal information. It satisfies SNP's obligations under Quebec's *Act respecting the protection of personal information in the private sector* (the "Loi 25", as amended by Bill 64) and the federal *Personal Information Protection and Electronic Documents Act* ("PIPEDA").
If anything in this policy is unclear or you wish to exercise a right described below, contact our Privacy Officer (section 9).
1. Privacy Officer (*Loi 25*, art. 3.1)
The person responsible for the protection of personal information at Sterling North Partners is:
Philippe Marcotte
Managing Director, Sterling North Partners
Email: privacy@sterlingnorth.partners
Mailing address: Sterling North Partners, Attn: Privacy Officer, 381-2400 Chemin Lucerne, Mont-Royal, QC H3R 2J8 (PO box for legal correspondence)
You may write to the Privacy Officer at any time to ask questions about this policy, exercise your rights under the *Loi 25* or PIPEDA, or report a concern.
2. What personal information we collect
In the ordinary course of providing AI strategy and automation advisory services, SNP collects personal information that you, your employer, or another party authorised by you provides to us. This may include:
- Name, business email address, business telephone number, professional title, employer;
- Information you submit through our website forms (newsletter sign-up, "Book a Strategy Call", "Free Problem Assessment", "Transformation Diagnostic", "ROI Estimate", "Contact Us", "Download the E-book", "Careers");
- Information contained in files, documents and communications you share with us during a client engagement;
- Information about how you interact with our website (see section 8 — Cookies and analytics).
We do not knowingly collect personal information from minors. Where SNP performs work for a client that involves the personal information of that client's customers, employees or other individuals, the client is the primary controller of that information; SNP acts as a service provider under the contract with the client.
3. Why we collect it (purposes)
We collect, use and disclose personal information only for the following purposes:
- To respond to your inquiries and provide the services you or your employer have requested;
- To enter into and perform consulting and managed-services engagements;
- To send you communications about engagements you are part of, security or product updates, and (with your consent) marketing about our services;
- To comply with applicable law, regulation, professional standards, and contractual obligations;
- To enforce our rights, prevent fraud, and protect SNP and others.
Where the *Loi 25* or PIPEDA require us to identify a more specific purpose, we will do so before or at the time of collection.
4. Legal basis and consent
We rely on your consent to collect, use and disclose personal information except where the law authorises us to act without consent (for example, to comply with a subpoena, prevent fraud, or where the information is manifestly public). You may withdraw your consent at any time, subject to legal or contractual restrictions; withdrawal may mean we are no longer able to provide a service to you.
5. How we share personal information
We share personal information only as needed to deliver the services you have requested or as required by law. The categories of recipients are:
- SNP personnel with a legitimate need to know, bound by confidentiality obligations.
- Our service providers (data processors), listed in section 6, who process personal information on our behalf under written agreements.
- Authorities or other parties when required by law (subpoena, court order, regulatory investigation).
- Successors and assigns, in the event of a corporate transaction (financing, sale, securitisation), subject to appropriate safeguards.
We do not rent, sell, or trade personal information.
6. Data residency and cross-border transfers (*Loi 25*, art. 17)
SNP's primary information systems and authoritative data stores are operated on enterprise-grade cloud infrastructure with primary data residency in Canada. Some of our service providers — including providers of customer relationship management, AI assistants, accounting and payroll software, password and secret management, and specialised production tools — operate from outside Canada, principally the United States.
Each cross-border transfer has been assessed under our Privacy Impact Assessment programme (in accordance with *Loi 25* article 17). Safeguards in place include: technical access controls, data minimisation, classification-tier restrictions on what may be processed by which provider, contractual data-processing terms (including zero-retention protections where available), and reliance on each provider's published independent security certifications (such as SOC 2 or ISO 27001). Each provider is reviewed at least annually as part of our internal management review programme.
A current list of our cross-border service providers, the categories of personal information involved, and the applicable safeguards is available on request from our Privacy Officer (section 1).
7. Your rights (*Loi 25*, art. 27, 28, 28.1; PIPEDA)
You have the right, subject to applicable legal exceptions, to:
- Access the personal information we hold about you and obtain a copy in a structured, commonly used technological format;
- Rectify inaccurate or incomplete personal information;
- Withdraw consent to the collection, use or disclosure of your personal information;
- Cease dissemination, deindexation, or re-indexation of personal information that is no longer authorised by law or by your consent (*Loi 25*, art. 28.1);
- Receive information about the existence and categories of decisions made about you exclusively through automated processing, and to submit observations to a person who can review the decision;
- File a complaint with the Privacy Officer; if you are not satisfied with our response, you may file a complaint with the Commission d'accès à l'information du Québec (CAI) at cai.gouv.qc.ca or with the Office of the Privacy Commissioner of Canada (OPC) at priv.gc.ca.
To exercise any of these rights, write to the Privacy Officer at privacy@sterlingnorth.partners. We will respond within 30 days; if more time is required, we will notify you of the reason and the expected response date.
8. Cookies and analytics
Our website uses cookies and similar technologies to operate the site, remember your preferences, and measure usage. You can configure your browser to refuse cookies or to alert you when cookies are sent; some site functionality may be unavailable if cookies are disabled. We do not use cookies to capture information that personally identifies you without your consent.
9. Security
We apply reasonable administrative, technical and physical safeguards to protect personal information against loss, theft, unauthorised access, disclosure, copying, use or modification. SNP operates an Information Security Management System (ISMS) aligned with ISO/IEC 27001:2022; certification is targeted for December 2026. Safeguards include multi-factor authentication, encryption at rest and in transit, role-based access control, audit logging, vendor security assessments, and periodic security awareness training for all personnel.
If a confidentiality incident creates a risk of serious injury to affected individuals, SNP will notify the Commission d'accès à l'information and the affected individuals with diligence, in accordance with the *Loi 25* and the *Règlement sur les incidents de confidentialité* (in force since 29 December 2023).
10. Retention
We retain personal information only as long as necessary for the purposes for which it was collected, plus the period required by law or by our contractual obligations. Records subject to long-term retention controls are retained for ten (10) years; other records are retained according to their classification under SNP's internal Data Classification Policy. Specific retention periods for a category of personal information are available on request from our Privacy Officer.
11. Changes to this policy
We may update this policy from time to time. The effective date at the top of this policy will be updated when we do. Material changes will be highlighted on our website. By continuing to use our services or our website after the effective date of an updated policy, you accept the updated terms.
12. Governing law
This Privacy Policy is governed by the laws of the Province of Quebec and the laws of Canada applicable therein.
13. How to contact us
For any privacy-related question or to exercise any right under this policy:
Privacy Officer
Email: privacy@sterlingnorth.partners
General contact: info@sterlingnorth.partners
Telephone: +1 (438) 808-6929
Mail: Sterling North Partners, Attn: Privacy Officer, 381-2400 Chemin Lucerne, Mont-Royal, QC H3R 2J8