Update date: November 22, 2023
Preamble
This document (hereinafter the “Policy” or “Privacy Policy“) sets out the manner in which Personal Information collected via the Website by Le CFO Masqué, a joint-stock company incorporated under the laws of Canada and registered with the Québec Enterprise Register under number 1177197143, whose head office is located at 241 rue Simoneau Windsor (Québec) J1S2S8 Canada (hereinafter the “Company“), is processed.
Personal Data is collected directly from the Persons Concerned by the Processing, i.e.: persons browsing the Website in accordance with the General Terms and Conditions of Use (the “Users”).
Capitalized terms shall be understood as defined below or, where applicable, as defined in Article 4 of European Regulation n°2016/679 on the processing of Personal Data. For your information, some of these definitions have been reproduced below.
“Website” means the Excel and Power BI Academy – Le CFO masqué website (lecfomasque.com/en) made available by the Company, all the programs making up the Website and the Content.
“Content” refers to all texts, images, logos, designs, documents, music, videos, audio, 3D, or other elements, which may or may not be protected by intellectual property rights, made available via the Website by the Company.
“Personal Data” or “Personal Data” means any information relating to an identified or identifiable natural person (hereinafter referred to as the “Data Subject”); an “identifiable natural person” is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.
“Recipient” means the natural or legal person, public authority, department or other body that receives personal data, whether or not it is a third party. However, public authorities which may receive personal data in the context of a particular investigation in accordance with Union law or the law of a Member State shall not be considered as recipients; the processing of such data by the public authorities in question shall comply with the applicable data protection rules according to the purposes of the processing.
“Processing” means any operation or set of operations which may or may not be performed using automated processes and applied to personal data or sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, communication by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
The processing of personal data by the Company is carried out in accordance with the laws and regulations in force concerning the protection of personal data.
The Privacy Policy is subject to change without notice to reflect any changes to the Website or to comply with current or future regulatory/legal requirements.
We invite you to consult it regularly to take note of any modifications. You will be notified in advance of any substantial changes. Use of the Website is subject to acceptance of this Policy.
Personal data collected via the Website and purposes
As part of the use of the Website, the Company processes the following Personal Data about its Users:
- Civil identification data: surname, first name, user name/identifier, gender, telephone number, e-mail address, profile photograph, postal address, country, data relating to the position or department of the Person concerned;
- Connection data: Internet protocol (IP) address, unique user ID, device and browser IDs, referring and exit page addresses, software and system, registration date, connection times;
- Geolocation data: approximate position of the person via data from the connecting device;
- Order data: payment information, billing information, order numbers, Group, Affiliation zone;
- Data published via the Website: file attachments, publications on the Forum, exchanges with the Company’s teams via the contact page;
Free comment fields are made available to Users, in particular as part of the forms enabling them to contact the Company, leave a review or enter (hereinafter the “Forms”). The User undertakes not to enter any Personal Data, and a fortiori any sensitive Personal Data, other than those expressly requested in advance by the Company and indicated by an asterisk as part of the Forms.
Purposes and legal basis of processing
| Personal data | Purpose | Legal basis for processing |
| Civil identification data | The processing of this data is necessary for :
| Consent of the person concerned for information not marked with an asterisk. Contract execution for information marked with an asterisk. |
| This data is also used to contact you in the context of requests made via the form or for notices left. | Performance of a contract. | |
| Website maintenance and security, prevention of malicious use. | Legitimate interest. | |
| Connection data | Website maintenance and security, prevention of malicious use. | Legitimate interest. |
| Data transmitted via the Website | Use of the Services on the Website. | Consent of the person concerned. |
| Website maintenance and security, prevention of malicious use. | Legitimate interest. | |
| Order data | Delivery of training orders placed on the website | Contract performance |
| Data published on the Forum | Publication of messages on the Forum, its operation and security. | Consent for published messages Legitimate interest |
In accordance with current regulations, data subjects may withdraw their consent at any time for processing operations based on this legal basis.
Recipients of Personal Data
Personal Data are processed by the Company’s employees who have an interest and are duly authorized to do so, as well as by its IT service provider, where applicable, as part of its duties to manage and maintain the Website.
The Company does not sell Personal Data to third parties.
At present, no Personal Data is transferred. In the event that Personal Data collected by the Company should be transferred and/or access granted to specified third parties via appropriate agreements guaranteeing processing of Personal Data under the direction of the Company, this Policy will be updated accordingly.
In the event of a change of control, modification of the Company’s share capital, or any other action that may require the Company to be audited by a third party: Should the Company be required to transmit Personal Data to this third-party auditor, it undertakes, in accordance with current regulations, to do so in compliance with the principle of necessity and minimization of processing, and to put in place the necessary safeguards to ensure that the processing carried out under its direction is carried out under conditions guaranteeing a degree of security, confidentiality and compliance equivalent or superior to that put in place within the Company.
Shelf life or criteria used to determine it
Personal Data processed in accordance with this Policy are retained for the periods indicated below. At the end of the retention periods, Personal Data is deleted or permanently anonymized.
| Personal data | Base to active* | Intermediate archive** |
| Civil identification data | For the duration of the provision of the Services until consent is withdrawn or the account is deleted. | Seven (7) years from the last connection or request for deletion of the account in accordance with the limitation period for civil action In the event of litigation or legal/regulatory proceedings. For other periods, to meet any legal archiving requirements. Other times, for safety and protection reasons. (for example: to prevent the recreation of an account after a breach of the general conditions of use or security of the Website…) |
| For the duration of the contract. (e.g. product sales, custom manufacturing, etc.) | Seven (7) years from the last connection or request for deletion of the account in accordance with the limitation period for civil action In the event of litigation or legal/regulatory proceedings. For other periods, to meet any legal archiving requirements. Other times, for safety and protection reasons. (for example: to prevent the recreation of an account after a breach of the general conditions of use or security of the Website…) | |
| Connection data | For the duration of the provision of the Services and/or until deletion of the partner account. | One (1) year from the last connection to the Website. |
| Data published on the Website | For the duration of the provision of the Services until consent is withdrawn or the account is deleted. | Seven (7) years from the last connection or request for deletion of the account in accordance with the limitation period for civil action As evidence in the event of litigation or legal/regulatory proceedings. For other periods, to meet any legal archiving requirements. |
| Order data | For as long as the account is active and until the account is deleted. | As evidence in the event of litigation or legal/regulatory proceedings. For other periods, to meet any legal archiving requirements. |
* active basis: period required to achieve the purpose for which the Data was collected. Data is then kept in the immediate environment of operational staff who need to access it.
** intermediate archiving: Personal Data is no longer used to achieve its intended purpose (“closed files”), but is still of administrative interest to the organization (e.g. management of any litigation, etc.), or must be kept to meet a legal obligation (e.g. invoicing data must be kept for ten years under the French Commercial Code, even if the person concerned is no longer a customer). Data may then be consulted on an ad hoc basis by specifically authorized persons.
Safety measures
The Company implements all technical and organizational security measures necessary to guarantee the security of Personal Data processed by the Company in accordance with the state of the art and the risk incurred.
Personal Data is subject to physical and logical security measures such as, among others, the implementation of a etc.
Corrective updates and version upgrades are implemented when necessary, nevertheless the Company cannot be held responsible for bugs and errors (hereinafter “Event”) that may occur in the Website and that are not of a critical nature in accordance with the GCU in force on the day the Event occurs, apart from any Violation of Users’ Personal Data.
If you have any questions, you may contact our Data Protection Officer (hereinafter the “Officer”) using the means indicated in point 7 of this Policy.
Where applicable, transfers of Personal Data outside the European Union
The Company does not transfer the Personal Data of its users collected via the Website to third parties other than those mentioned in article 3 of the present policy “Recipients of Personal Data”. Personal Data is stored in Montreal, Canada
Personal Data is transferred to on the basis of the partial adequacy decision issued by the European Commission on December 20, 2001 for processing carried out by private sector organizations in the course of a commercial activity.
Exercising your rights
Data subjects may exercise the following rights:
- the right of access enables the data subject to find out whether data concerning him or her is being processed, and to obtain a readable copy in a comprehensible format. This right also enables the accuracy of the data to be checked;
- the right of rectification enables the person concerned to modify, correct or update data concerning him or her in order to limit the use or dissemination of erroneous information;
- the right to object allows the data subject to object to his or her data being used for a specific purpose;
- the right to erasure allows the data subject to obtain the erasure of his or her data;
- the right to limitation allows the use of a person’s data to be temporarily halted, for example while a challenge to the use of their data or a request to exercise their rights is examined;
- the right to portability allows the data subject to recover part of his or her data in a machine-readable format, for his or her own use or to provide it to another organization;
This request can be made to the data controller :
By e-mail: [email protected]
If you are dissatisfied with the response to your request, you may lodge a complaint with the competent supervisory authority. In France, this is the Commission Nationale de l’Informatique et des Libertés (CNIL). For more information on this subject: Send a complaint to the CNIL | CNIL.
You can submit this request :
By post to the following address:
Commission nationale de l’informatique et des libertés
Complaints department
3 Place de Fontenoy
TSA80715
75334 PARIS CEDEX 07
Online : Online complaints | CNIL
The Company may need to process Users’ telephone numbers for the purposes described in point 3 of this Policy. In accordance with article L223-2 of the French Consumer Code, Users who do not wish to be the subject of commercial canvassing by telephone may, free of charge, register on a telephone canvassing opposition list.
You can access here : Bloctel – Consumer area to the area where you can register on these lists.
Children’s personal data
Minors under the age of fifteen (15) are not allowed to create an account on the Website.
Users are deemed to have reached the age of 15 in order to create an account and use the Services offered via the Website without the joint consent of the holder(s) of parental authority over the minor.
The Company does not process the Personal Data of children under the age of fifteen, pursuant to Article 45 of the French Data Protection Act of January 6, 1978.
If you are the legal guardian of a child under the age of fifteen (15) who has created an account on the Website without your consent, please contact us at [email protected] so that we can delete the account and the Personal Data concerning the child.
Cookies and other trackers
A cookie is a small computer file or “tracker” that is deposited and read, for example, when you visit a website, read an e-mail, install or use software or a mobile application, regardless of the type of terminal used (computer, smartphone, e-reader, video game console connected to the Internet, etc.).
As part of the operation of the Website, the Company deposits the following cookies:
| Name | Function | Retention period | Nature |
| wp-wpml_current_language | This cookie is deposited by WPML and remembers language choices. | Session | Preference |
| lidc | Used by Linkedin for redirection | 21 hours | Preference |
| li_gc | Used by Linkedin to remember guests’ choices for non-essential cookies | 6 months | Preference |
| _gid | Contains the unique identifier used by Google Analytics to distinguish users | 21 hours | Analytical |
| _gat_* | Used by Google Analytics to limit data collection on high-traffic sites | 3 hours | Analytical |
| _ga_* | Contains the unique identifier used by Google Analytics 4 to distinguish users | 1 year | Analytical |
| _ga | Contains the unique identifier used by Google Analytics to distinguish users | 1 year | Analytical |
| _hjSessionUser_* | This cookie is set by Hotjar the first time the page containing the script is launched. It identifies the user from one visit to the next. | 2 hours | Analytical |
| _hjFirstSeen | Cookie set by Hotjar to identify users who have already visited the site or not when they start their first session. | 2 hours | Analytical |
| _hjSession_* | Used by Hotjar to collect data during the session | 2 hours | Analytical |
| _hjAbsoluteSessionInProgress | Cookie placed by Hotjar to track user session start. This cookie contains no identifying data. | 2 hours | Analytical |
| In_or | Cookie set by Linkedin to determine if Oribi analytics can be supported on certain domains. | 21 hours | Analytical |
| bcookie | Microsoft MSN cookie for sharing the site via the social network | 1 year | Analytical |
| _gcl_au | Cookie used by Google AdSense to understand user interactions with the website by generating analytics data. | 3 months | Marketing |
| test_cookie | Used to verify that the user’s browser supports cookies. | 3 hours | Marketing |
| li_sugr | Used by Linkedin to estimate the user’s identity outside designated countries. | 3 months | Marketing |
| UserMatchHistory | Cookie containing an identifier used by Linkedin to identify a unique user from one session to the next. | 1 month | Marketing |
| AnalyticsSyncHistory | Used by Linkedin to store information about the time needed to synchronize with the Lms_analytics cookie for users in designated countries. | 1 month | Marketing |
| bscookie | Cookie used by Linkedin to track the use of its services. | 1 year | Marketing |
| -hjIncludedInSessionSample_3381609 | 3 hours | ||
| elementor | Session | ||
| flowplayerTestStorage | Session | ||
wc_cart_hash_d435bf30c56aa0 40eefa672fcf7ec9b3-fr | Session | ||
wc_fragments_d435bf30c56aa 040eefa672fcf7ec9b3 | Session |
You can modify your choice of settings for optional cookies in the preferences interface by clicking on the icon: 
located at the bottom left of your browser window or directly via your browser by clicking on the corresponding link below:
