Privacy & Cookie Policy

Last Review: October 25, 2024

1. Introduction

At EZO Systems ("us", "we", "our" or the "Company" or "EZO") we value your privacy and the importance of safeguarding your data. This Privacy Policy (the "Policy" or “Privacy Statement”) describes our privacy practices for the activities when you use our services, including our website https://ezo.app/ and the EZO app (collectively, the "Services"). 

As per your rights, we inform you how we collect, store, access, and otherwise process information relating to individuals. In this Policy, personal data ("Personal Data") refers to any information that on its own, or in combination with other available information, can identify an individual.

2. About Us, EZO, and Contact Information

Our site and services are managed by EZO Systems. We are a company registered in Quebec, Canada under the name 9467-4116 Québec inc. and company number 1177666337 (Quebec Enterprise Register), with our registered office located at 145 145-710 Rue Bouvier CP 70152 Quebec Québec G2J0A2 Canada.

We are regulated by the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) and Revenu Québec (license pending) as a Money Service Business (MSB). You can find us listed on FINTRAC’s public MSB Registry under the registration number C100000157.  We are also registered as a PSP with the Bank of Canada for the purposes of the Retail Payments Activities Act (RPAA). You can find EZO listed on the Bank of Canada’s public PSP Applicant Registry

To get in touch, please email us at info@ezo.app.

3. Commitment of EZO Systems

We are committed to protecting your privacy in accordance with the highest level of privacy regulation. As such, we follow the obligations under the below regulations:

  • Canada's Personal Information Protection and Electronic Documents Act (PIPEDA);
  • Quebec Law 25;
  • The General Data Protection Regulation (GDPR) of the European Union; and
  • Applicable provincial legislations.

4. Scope

This policy applies to the websites, domains, applications, services, and products of EZO Systems.

This Policy does not apply to third-party applications, websites, products, services or platforms that may be accessed through (non EZO Systems) links that we may provide to you. These sites are owned and operated independently from us, and they have their own separate privacy and data collection practices. Any Personal Data that you provide to these websites will be governed by the third-party’s own privacy policy. We cannot accept liability for the actions or policies of these independent sites, and we are not responsible for the content or privacy practices of such sites.

5. Processing Activities

TThis Policy applies when you interact with us by doing any of the following:

  • Make use of our application and services as an authorized user.
  • Visit any of our websites that link to this Privacy Statement.
  • Receive any communication from us including newsletters, emails, calls, or texts / SMS.

6. Personal Data We Collect

When you use our services, make a transaction, or attempt to make a purchase or attempt to do so through the EZO app, we collect the following types of Personal Data:

  • Account Information such as your name, email address, date of birth, residential address, password and other identification information;
  • Identification documents such as copies of government-issued ID, utility bills, or other documents to verify your identity;
  • Communication information such as feedback, inquiries, or other communications you send to us;
  • Payment Information such as your billing address, phone number, bank account details, transaction history, purchase information, credit card numbers, debit card numbers, cryptocurrency public wallet address or other payment methods;
  • Demographic Data including age, gender;
  • Mobile device specific identifiers such as make and model, IMEI and phone number;
  • Location Data;
  • Work related information such as your occupation, employment details;
  • Product information, such as serial number, product registration, licensing information;
  • Content, such as posts, comments, audio, or documents; and
  • Miscellaneous information about you and your financial situation.

7. How We Collect Your Personal Data

We collect Personal Data from the following sources:

7.1 From You

You may provide us your Account Information, Payment Information, Financial Information, Demographic Data, Purchase Information, Content, Feedback, Product Information, by filling in forms, using our products or services, entering information online or by corresponding with us by post, phone, email or otherwise. This includes Personal Data you provide, for example, when you:

  • Create an Account: When you create an account, transact or purchase products on our website, you provide Account Information, Identification Documents, Payment Information, Demographic Data, Work-Related Information, and Product Information;
  • Use Our Services: When you use our products or services, including making transactions or attempting to make a purchase, we collect Usage Data, Payment Information, Content, and Miscellaneous Information;
  • Create Content: When you create content through our products or services, such as posts, comments, audio files, or documents, we collect that Content;
  • Express Interest: When you express interest in our products or services, we collect Demographic Data and Communication Information;
  • Download Software or Mobile Application: When you download software and/or our mobile application, we collect Device Information, Usage Data, and may collect Mobile Device Identifiers;
  • Subscribe to Our Newsletter: When you subscribe to our newsletter, we collect Contact Information and Demographic Data;
  • Participate in Surveys: When you complete a voluntary market research survey, we collect Demographic Data, Feedback, and Miscellaneous Information;
  • Contact Us: When you contact us with an inquiry or to report a problem (by phone, email, social media, or messaging service), we collect Communication Information; and
  • Log In via Social Media: When you log in to our website via social media, we may receive your Account Information and Public Profile Information from those platforms.
7.2 Automated Technologies or Interactions

As you interact with our website, we may automatically collect the following types of data (all as described above) and:

  • Device Data about your equipment;
  • Usage Data about your browsing actions and patterns; and
  • Contact Data where tasks carried out via our website remain uncompleted, such as incomplete orders or abandoned Account inscription.

We collect this data by using cookies, server logs and other similar technologies. Please see our Cookie section (below) for further details.

7.3 Third Parties

We may receive Personal Data about you from various third parties, including:

  • Verification Services: Information from identity verification and fraud prevention services;
  • Financial Institutions: Data from banks and payment processors when you link your financial accounts;
  • Public Databases: Information from public records to verify your identity and prevent fraud;
  • Social Media Platforms: Information from social media accounts if you log in via social media;
  • Communication Services: Content from email providers and social networks when you give us permission to access your data on such third-party services or networks;
  • Technical and Delivery Services: Account Information, Payment Data, and Financial Data from providers of technical, payment, and delivery services;
  • Organizations for Fraud Prevention: Account Information and Payment Data from organizations (such as law enforcement agencies), associations, and groups who share data for the purposes of fraud prevention and detection and credit risk reduction;
  • Account Information and Payment Information: From another individual when they send your funds from our services;
  • Device and Usage Data: Information including analytics providers such as Google.
  • Account Information and Payment Data: Information from social media platforms when you log in to our website using such social media platforms;
  • Content from Communication Services: Data including email providers and social networks, when you give us permission to access your data on such third-party services or networks;
  • Account Information and Payment Data: Information from third parties, including organizations (such as law enforcement agencies), associations and groups, who share data for the purposes of fraud prevention and detection and credit risk reduction; and
  • Account Information, Payment Data, and Financial Data: Information from providers of technical, payment and delivery services.

If you provide us, or our service providers, with any Personal Data relating to other individuals, you represent that you have the authority to do so and acknowledge that it will be used in accordance with this Policy. If you believe that your Personal Data has been provided to us improperly, or to otherwise exercise your rights relating to your Personal Data, please contact us by using the information set out in the "Contact us" section below.

7.4 Device and Usage Data

When you visit an EZO Systems website and/or mobile application, we automatically collect and store information about your visit using browser cookies (files which are sent by us to your computer), or similar technology. 

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. The Help Feature on most browsers will provide information on how to accept cookies, disable cookies or to notify you when receiving a new cookie. If you do not accept cookies, you may not be able to use some features of our Service and we recommend that you leave them turned on.

We also process information when you use our services and products. This information may include:

  • Login Information: Such as your username, password, and session details;
  • Time Stamps: Such as the date and time of your visits, logins, and interactions with our services;
  • Authentication Records: Such as the records used to verify your identity and secure your account;
  • Other Operational Data: Such as error logs, app performance metrics, and usage patterns;
  • IP Address: Such as information relevant for security and fraud prevention;
  • Device Information: Such as device type, operating system, and browser type;
  • Location Data: Such as approximate geolocation, especially relevant for fraud detection or localization of services; and
  • Interaction Data: Such as how users interact with our website and app, which pages they visit, and their navigation behavior (e.g., page clicks, scrolling behavior).

We use this data to:

  • Ensure the security of your account and our services;
  • Improve the functionality and performance of our website and mobile application;
  • Understand user behavior and preferences to enhance your experience; and
  • Monitor and troubleshoot technical issues.

8. Data Collected From Third Parties

We may receive your Personal Data from third parties such as companies subscribing to EZO Systems services, partners and other sources. This Personal Data is not collected by us but by a third-party and is subject to the relevant third-party’s own separate privacy and data collection policies. 

We do not have any control or input on how your Personal Data is handled by third parties. As always, you have the right to review and rectify this information. If you have any questions you should first contact the relevant third-party for further information about your Personal Data. 

Where that third-party is unresponsive to your rights, you may contact the Data Protection Officer at EZO Systems (contact details below).

Our websites and services may contain links to other websites, applications and services maintained by third parties. The information practices of such other services, or of social media networks that host our branded social media pages, are governed by “Third-Party Materials” statements in our Website & Consumer User Terms, which you should review to better understand those third parties’ privacy practices.

9. Purpose and Legal Basis for the Processing of Personal Data

At EZO Systems, we collect and use your Personal Data with your consent to provide, maintain, and improve our products and services through the EZO app. This allows us to better understand your needs and ensure the quality of our services.

We process your Personal Data based on several legal grounds:

  • Performance of a Contract: Processing is necessary to provide our services and fulfill our contractual obligations to you;
  • Legal Obligation: Processing is necessary for compliance with legal obligations to which we are subject, such as financial regulations and anti-money laundering laws;
  • Legitimate Interests: Processing is necessary for our legitimate interests, such as improving our services, provided that these interests are not overridden by your rights; and
  • Consent: Where we rely on your consent to process Personal Data, you have the right to withdraw it at any time.

The purposes for which we collect and use your Personal Data include:

  • Verify and authenticate your identity (KYC) to ensure the security of your EZO account and prevent fraud;
  • Process and fulfill your orders and transactions;
  • Ensure the smooth and secure completion of financial transactions;
  • Investigate and prevent security incidents such as unauthorized access, data breaches, attacks, and hacks to protect your account and financial information;
  • Deliver, maintain, debug, and improve our products and services within the ecosystem of EZO Systems;
  • Enable you to access EZO services, set up and manage your accounts, and perform financial transactions seamlessly;
  • Provide technical support, troubleshooting, and customer service to resolve any issues and ensure a smooth experience;
  • Gather insights into how you use our services to improve functionality, performance, and the overall user experience;
  • Send you newsletters and other marketing communications about current and future products, services, and promotions with your consent;
  • Inform you about events, competitions, surveys, and promotions held by us or hosted on our behalf;
  • Organize and manage events, register attendees, and schedule meetings for events related to EZO Systems;
  • Conduct research and analysis to innovate, improve, and develop new products and services to better meet your needs and enhance the user experience; and
  • Communicate with you about updates, changes, or improvements to our products and services.

Where we process your Personal Data to provide a product or service, we do so because it is necessary to perform our services and contractual obligations. All of the above processing is necessary in our legitimate interests to provide products and services and to maintain our relationship with you and to protect our business for example against fraud. Consent will be required to initiate services with you. New consent will be required if any changes are made to the type of data collected. Within our contract, if you fail to provide consent, some services may not be available to you.

10. International Data Transfer and Storage

Where possible, we store and process data on servers within the general geographical region where you reside (note: this may not be within the country in which you reside). EZO may disclose personal information in other circumstances with the user's consent or as permitted or required by applicable laws, including foreign laws that apply to us, our affiliates, or our service providers.

Your Personal Data may also be transferred to, and maintained on, servers residing outside of your state, province, country or other governmental jurisdiction where the data laws may differ from those in your jurisdiction. We will take appropriate steps to ensure that your Personal Data is treated securely and in accordance with this Policy as well as applicable data protection law.

11. Sharing and Disclosure

To provide the services requested by our users, EZO may share personal information with third parties, including entities outside of Canada.

We employ third-party companies and individuals to facilitate our services ("Service Providers"), provide services on our behalf, or assist us in analyzing how our services are used.

11.1 Data Protection Measures
  • Compliance with PIPEDA, Quebec Law 25, and GDPR: All Service Providers processing Personal Data of Canadian residents are required to comply with PIPEDA, and, where applicable, Quebec's Law 25. For EU residents, we also ensure compliance with GDPR regulations;
  • Data Processing Agreements: We have Data Processing Agreements in place with all third-party processors to ensure they protect your Personal Data; and
  • Restricted Use: Service Providers are only given access to Personal Data necessary to perform their functions and are prohibited from using it for other purposes.

We also use Google Analytics to help us understand how our customers use the site. You can read more about how Google uses your Personal Data here.

You can also opt-out of Google Analytics here.

12. Legal Requirement

We may use or disclose your Personal Data in order to comply with a legal obligation, in connection with a request from a public or government authority, or in connection with court or tribunal proceedings, to prevent loss of life or injury, or to protect our rights or property. 

Where possible and practical to do so, we will tell you in advance of such disclosure.

13. Service Providers and Other Third Parties

We may use a third-party service provider, independent contractors, agencies, or consultants to deliver and help us improve our products and services. We may share your Personal Data with marketing agencies, database service providers, backup and disaster recovery service providers, email service providers and others but only to maintain and improve our products and services.

We may disclose personal information to third parties such as identity verification providers, fraud prevention services, government agencies, and mobile service providers. This is done to verify your identity, contact information, and account details as outlined in the "Personal Information We Collect" section of this Privacy Policy.

To maintain accurate credit information, we may share personal information, including payment history, with credit bureaus.

EZO may engage service providers to perform specialized services on our behalf, such as data hosting, payment processing, banking services, research, marketing and analytics, customer support, digital services, and mail distribution. These service providers may handle personal information strictly as necessary to perform their duties. We ensure they follow our Privacy Policy and security protocols to protect your data.

EZO may also disclose personal information with user consent or as permitted or required by law, including compliance with foreign laws applicable to us, our affiliates, or our service providers.

We may share aggregated demographic information that does not identify individuals with our business partners, affiliates, and advertisers to support the purposes described above.

For further information on the recipients of your Personal Data, please contact us by using the information in the "Contacting us" section below.

14. Cookies

14. 1 What are Cookies?

A cookie is a small file with information that your browser stores on your device. Information in this file is typically shared with the owner of the site in addition to potential partners and third parties to that business. The collection of this information may be used in the function of the site and/or to improve your experience.

14. 2 How We Use Cookies

To give you the best experience possible, we use the following types of cookies:

  • Strictly Necessary: As a web application, we require certain necessary cookies to run our service;
  • Preference: We use preference cookies to help us remember the way you like to use our service; and
  • Analytics: We collect analytics about the types of people who visit our site to improve our service and product. Some cookies are used to personalize content and present you with a tailored experience. For example, location could be used to give you services and offers in your area.

15. Retention & Deletion

We will only retain your Personal Data for as long as necessary for the purpose for which that data was collected and to the extent required by applicable law. When we no longer need Personal Data, we will remove it from our systems and/or take steps to anonymize it.

16. Merger or Acquisition

If we are involved in a merger, acquisition or asset sale, your personal information may be transferred. We will provide notice before your personal information is transferred and becomes subject to a different Privacy Policy. Under certain circumstances, we may be required to disclose your personal information if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

17. Keeping Your Data Safe

We have appropriate organizational safeguards and security measures in place to protect your Personal Data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. We invite you to consult our public Security page.

The communication between your browser and our website uses a secure encrypted connection wherever your Personal Data is involved.

We require any third-party who is contracted to process your Personal Data on our behalf to have security measures in place to protect your data and to treat such data in accordance with the law.

18. Breach Notification and Incident Management

In the unfortunate event of a personal data breach, EZO Systems will take immediate steps to mitigate the risk and prevent further unauthorized access or disclosure. We maintain a detailed register of all data breaches, including the nature of the breach, its impact, and the measures taken in response.

If the breach poses a risk of serious harm to affected individuals, we will notify the following parties without undue delay:

Notifications will be provided as soon as possible after we become aware of the breach, unless doing so could impede a criminal investigation. A copy of the breach register will be provided to the relevant regulatory authority upon request.

If you suspect a data breach involving your personal information, please contact us immediately at info@ezo.app.

19. Children's Privacy

We do not knowingly collect Personal Data from children under the age of 14 without appropriate consent. In compliance with Quebec's Law 25, the following guidelines apply:

  • For minors under 14 years of age, we require consent from a parent or guardian before collecting, using, or sharing their personal information; and
  • For minors aged 14 years or older, either the minor themselves or their parent/guardian can provide consent for the collection, use, or sharing of their personal information.

For users residing in the European Union:

  • For minors under 16 years of age, we require verifiable parental consent before collecting or processing Personal Data; and
  • For minors aged 16 years or older they can provide consent themselves.

In cases where collecting data benefits the minor directly, we may collect the data without parental consent, as permitted by law.

20. Your Rights for Your Personal Data

Depending on your geographical location and citizenship, your rights are subject to local data privacy regulations. These rights may include:

  • Right to be Informed (Quebec Law 25, PIPEDA, GDPR Article 13, CPRA, CPA): You have the right to be informed about how your personal data will be collected, used, and shared. This includes information about the purpose of processing and any third parties involved.
  • Right to Access (Quebec Law 25, PIPEDA, GDPR Article 15, CCPA/CPRA, CPA, VCDPA, CTDPA, UCPA, LGPD, POPIA): You have the right to learn whether we are processing your personal data and to request access to the personal data we hold about you. You can also request a copy of your data.
  • Right to Rectification (Quebec Law 25, PIPEDA, GDPR Article 16, CPRA, CPA, VCDPA, CTDPA, LGPD, POPIA): You have the right to request corrections to any incomplete or inaccurate personal data we process about you.
  • Right to Erasure (Quebec Law 25, GDPR Article 17, CPRA, LGPD): You can request the deletion of your personal data in certain cases, such as when it is no longer necessary for the purpose for which it was collected, or when you withdraw your consent.
  • Right to Withdraw Consent (Quebec Law 25, PIPEDA, GDPR Article 7, CPRA, LGPD, POPIA): You have the right to withdraw your consent to the processing of your personal data at any time. This may limit certain functionalities of the EZO app, but your withdrawal will not affect the lawfulness of processing before consent was withdrawn.
  • Right to Data Portability (Quebec Law 25 [effective September 22, 2024], PIPEDA, GDPR Article 20, LGPD): You have the right to request a copy of your personal data in a structured, machine-readable format. You can also ask us to transmit this data to another organization, where technically feasible, when processing is based on your consent or a contract.
  • Right to be Informed about Automated Processing (Quebec Law 25, GDPR Article 22, CPRA): If your personal data is subject to automated decision-making, such as profiling, you have the right to be informed about the use of your data in such processes. This information must be provided at the time of the automated decision.
  • Right to Restrict Processing (GDPR Article 18, CPRA, LGPD): You have the right to request the restriction of processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or if the processing is unlawful and you oppose erasure.
20.1 About Automated Decision-Making and Profiling

We may use automated decision-making processes, including profiling, to enhance our services, such as fraud detection and personalized recommendations. These processes may have legal or significant effects on you.

Your Rights:

  • Right to Object: You have the right to object to automated decision-making;
  • Request Human Intervention: You can request human intervention in the decision-making process; and
  • Express Your Point of View: You have the right to express your viewpoint and contest the decision.
20.2 Our Business's Obligation to Respond

For residents of Quebec, Quebec Law 25 requires us to respond to users' requests regarding these rights within 30 days of receiving them. Users can request an extension if needed.

We are committed to handling your personal data in accordance with the relevant data protection laws, including Quebec's Law 25 and PIPEDA, and will work to address any requests related to your data rights in a timely and compliant manner.

21. Withdrawing Consent

If you have consented to our processing of your Personal Data, you have the right to withdraw your consent at any time, free of charge. This includes instances such as opting out of marketing messages from us. 

In compliance with Quebec's Law 25, the highest authority within the business is responsible for safeguarding personal information, and at EZO Systems, this responsibility has been delegated to our Privacy Officer and Data Protection Officer (DPO), Jeff Matte, our COO.

If you wish to withdraw your consent, or if you have any privacy-related concerns, you can contact our Privacy Officer and Data Protection Officer (DPO), Jeff Matte, at info@ezo.app. We will process your request promptly, in accordance with the applicable legal requirements.

22. How to Exercise Your Rights

ou can make a request to exercise any of these rights in relation to your Personal Data by sending the request to our privacy team at info@ezo.app.

For your own privacy and security, at our discretion, we may require you to prove your identity before providing the requested information.

23. Internal Data Protection Governance Policies

At EZO Systems, we are committed to ensuring that personal information is safeguarded at all times. To achieve this, we have established comprehensive internal governance policies and practices that outline how we manage, store, and protect personal data. These internal policies are regularly reviewed and updated to ensure compliance with applicable privacy laws, including Quebec’s Law 25.

Our internal governance policies cover the following key areas:

  • Roles and Responsibilities: We assign specific roles within our organization for managing and protecting personal information. Our Privacy Officer Data Protection Officer (DPO), Jeff Matte (COO), oversees the implementation and adherence to privacy policies;
  • Data Retention: We define how long personal information is retained and the procedures for securely disposing of data once it is no longer required;
  • Data Protection: We employ a combination of technical, administrative, and physical security measures to protect personal information from unauthorized access, use, or disclosure; and
  • Complaint Handling: We provide clear processes for handling complaints related to the collection, use, and protection of personal data.

These policies are aligned with the size and scope of our operations and are made publicly available to ensure transparency. For further details, please contact us at info@ezo.app.

24. Privacy Impact Assessments (PIA)

In accordance with Quebec’s Law 25, EZO Systems conducts Privacy Impact Assessments (PIAs) whenever a new project, system, or service involves the collection, use, sharing, or storage of personal data. This process ensures that we identify and mitigate any potential risks to the privacy of individuals.

A PIA will be conducted under the following circumstances:

  • When data is being transferred outside of Quebec and/or Canada; 
  • When developing, acquiring, redesigning, or otherwise implementing material changes to a system that handles personal information in any way; 
  • When considering a third-party provider for storing, transmitting, and processing personal data; and
  • When evaluating whether personal information may be used for research purposes without the data subject's consent.

The PIA process involves evaluating the sensitivity of the data, the purpose of its use, and the protective measures in place. We consult with our Privacy Officer Data Protection Officer (DPO), Jeff Matte, throughout the assessment to ensure all legal and regulatory obligations are met.

For further information regarding PIAs, please contact us at info@ezo.app.

25. Changes to the Privacy Policy

We may modify this Policy at any time. If we make changes to this Policy then we will post an updated version of this Policy at this website. When using our services, you will be asked to review and accept our Privacy Policy. In this manner, we may record your acceptance and notify you of any future changes to this Policy.

26. Contact Us

To request a copy for your information, unsubscribe from our email list, request for your data to be deleted, or ask a question about your data privacy, we've made the process simple:

To contact us, please email info@ezo.app.

You can also write to us at our registered office located by addressing the letter to the Data Privacy Officer & Data Protection Officer (DPO) of EZO Systems:

145 145-710 Rue Bouvier CP 70152 Quebec Québec G2J0A2 Canada.

27. Last Review

These Terms and Conditions were last reviewed on 2024-10-25.

Be the First to Know!

Subscribe to get exclusive updates and early access when we launch in your country

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.