SDS RiskAssist logo light BG with trademark symbol
Request Demo
Contact us
SDS RiskAssist logo light BG with trademark symbol
Request Demo

Get your free demo of SDS RiskAssist

SDS RiskAssist COS Mag winner 2024 SDS management software

Find out what you don't know about the chemicals in your workplace and make chemical safety a snap.

No commitments. No payment required. View our privacy policy here.

Send your request and we'll respond back by email within 24 hours

Get a demo of the most sophisticated SDS Management software

One week away from a safer workplace

Contact Us

Privacy Policy

Revision Date – August 14th, 2025

The following agreement (the “Privacy Policy”) describes how Rillea Technologies Inc. (also known as SDS RiskAssist) (the “Company”, “we”, “us”, or “our”) collects, uses, protects and discloses personal information and other information related to the individuals, including existing and prospective customers, and visitors to our websites (referred to as “you”). Please note that this policy also applies to Internet and e-mail use by the Company’s employees, contractors, clients, customers and suppliers.

WHAT IS PERSONAL INFORMATION?

Personal Information” is any information which can identify an individual or through which an individual’s identity can be deduced, and which is disclosed to us or which we create within the context of our relationship with the individual. This includes but is not limited to:

  • Identifiers: Name, address, email address, phone number and IP address
  • Financial Information: Invoicing, payment and bank account details
  • Technical Information: Cookies, browser history and device information


HOW DOES THE COMPANY COLLECT YOUR PERSONAL INFORMATION?

We collect your Personal Information at the time you become a new customer, client, supplier, employee or contractor of the Company and thereafter when we communicate with you. For example, we collect your Personal Information:

  • Directly from you: When you create an account, purchase a product, have discussions with our employees and contractors, sign up for a newsletter, fill out a form, interact with us on social media, or contact us;
  • Automatically: When you visit our website, using cookies and other tracking technologies;
  • From third parties: We may receive information from partners, service providers, or other third parties, with your consent or as permitted by law.

WHY DOES THE COMPANY COLLECT PERSONAL INFORMATION?

In serving the needs of the Company and its employees, contractors and customers, it is important that the Company has accurate information. The Company may collect Personal Information to:

Processing Purpose
Type of Personal Information Collected
Legal basis
To provide products and services

Name, address and email

Subscription: necessary for the performance of the contract.

To communicate with you

Name, address and email

Legitimate interest: to respond to your requests and improve our customer service.

For security purposes

IP address, device information, email

Legitimate Interest: To protect our systems and prevent fraud.

To send marketing emails

Name, email

Consent: We will only send you marketing emails with your explicit and informed consent.

To improve our website and services

IP address, Browse data, cookies

Legitimate Interest/Consent: To analyze website traffic and user behavior.

To comply with legal obligations

Any information required by law

Legal Obligation: To meet our legal and regulatory requirements.

To conduct research and analysis

Anonymized or pseudonymized data

Legitimate Interest: To understand market trends and improve our offerings.

WHEN MIGHT PERSONAL INFORMATION BE DISCLOSED?

The Company may disclose Personal Information in order to:

  • administer and maintain any employment/contractor relationship;
  • administer and maintain payments;
  • make hiring decisions;
  • submit quotes or proposals to prospective customers or clients; and
  • explore and/or undertake corporate opportunities, including a merger, acquisition, amalgamation, IPO, reorganization or sale of the Company, including the due diligence process and the transfer of information through to closing of any such transaction.

HOW LONG WILL THE COMPANY RETAIN YOUR INFORMATION?

We retain your information for only so long as is necessary for the purposes for which it has been collected. Your Personal Information will be destroyed once it is no longer needed by us and once all requirements at law have been met.

HAVE YOU CONSENTED?

We will seek your clear, free, and informed consent for the collection, use, and disclosure of your personal information, as required by law.

  • Explicit Consent (Opt-in): We will require your explicit, affirmative consent for the collection of personal information or for marketing communications.
  • Withdrawal of Consent: You have the right to withdraw your consent at any time. To withdraw your consent, you can unsubscribe from emails or contact our Privacy Officer. Withdrawing your consent may affect our ability to provide you with certain services.

DO WE DISCLOSE PERSONAL INFORMATION TO THIRD PARTIES?

We will not disclose your personal information to third parties without your consent, except where required or permitted by law. We may share your information with the following categories of third parties:

  • Service Providers: We may use third-party service providers to help us with tasks such as payment processing, website hosting, and email delivery. These providers are bound by contract to protect your information and are only permitted to use it for the purposes we have specified. 
  • Legal and Regulatory Authorities: We may be required to disclose your personal information to comply with a court order, subpoena, or other legal process.

 

We may share information that has been anonymized without limitation.

IS PERSONAL INFORMATION STORED IN INTERNATIONAL LOCATIONS?

While all client data, related to SDS RiskAssist, is stored in data centres within Canada, it is not always possible to maintain all Personal Information, such as name and email addresses, in Canada. For example, Google Workspace currently only offers data centres in the United States and Europe.

As a result, your personal information may be transferred to, stored, and processed in countries outside of Canada, including the United States and Europe. When we transfer your information, we will take appropriate measures to ensure that it is protected with an equivalent level of security as required by Canada’s laws as well as those of the provinces.

  • Privacy Impact Assessment: Before transferring your personal information outside of Canada, we will conduct a privacy impact assessment to ensure that the information will receive adequate protection.

HOW DO WE USE AUTOMATED DECISION-MAKING?

Automated decision-making are decisions made with little or no human intervention. We may use automated decision-making for marketing emails to provide you with a more personalized experience.

WHAT ARE YOUR RIGHTS TO PERSONAL INFORMATION?

You have specific rights regarding your personal information, which we are committed to upholding:

  • Right to Access: You have the right to request access to your personal information that we hold. 
  • Right to Rectification: You have the right to request the correction of inaccurate or incomplete personal information.
  • Right to Erasure (Right to be Forgotten): You can request the deletion of your personal information in certain circumstances.
  • Right to Object to Processing: You can object to the processing of your personal information for specific purposes, such as direct marketing.
  • Right to Data Portability: You can request a copy of your personal information in a structured, commonly used, and machine-readable format and, where technically feasible, have it transmitted to another organization.
  • Right to be informed of automated decision-making: We will inform you if we use your personal information to decide, based solely on automated processing, including profiling, and you have the right to request human intervention.

To exercise any of these rights, please contact our Privacy Officer at the contact details provided below. We will respond to your request within 30 days, as required by law.

HOW DOES THE COMPANY PROTECT PERSONAL INFORMATION?

Safeguards, security systems and processes are in place to protect your information against unauthorized access, disclosure, use, or modification. Your Personal Information is contained behind secured networks and is only accessible by a limited number of persons who have been designated with such authority and only to the extent necessary to accomplish the objectives we’ve described above, or to the Company’s relevant benefits.

 

Furthermore, the Company agrees to take reasonable steps to maintain appropriate physical, technical and administrative security to ensure they remain effective against evolving threats to help prevent loss, misuse, unauthorized access, disclosure or modification of Personal Information.

WHAT PROCESSES ARE IN PLACE TO HANDLE INCIDENT MANAGEMENT AND BREACH NOTIFICATION?

We have a robust process, in compliance with information security standards such as ISO 27001, in place to handle confidentiality incidents. In the event of an incident involving your personal information, we will:

  • Take immediate steps to mitigate any harm.
  • Assess the risk of injury to affected individuals.
  • Notify the relevant privacy commissioner if the incident presents a risk of serious injury.
  • Notify you, the affected individual, if the incident presents a risk of serious injury.
  • Maintain a register of all confidentiality incidents.

IS PRIVACY BY DEFAULT AND ARE PRIVACY IMPACT ASSESSMENTS CONDUCTED?

  • Privacy by Default: When we offer a product or service that involves the collection of personal information, the highest level of privacy protection will be set by default, without any action on your part.
  • Privacy Impact Assessments (PIAs): We will conduct a PIA for any project involving the collection, use, communication, keeping, or destruction of personal information, as well as for any transfer of personal information outside of Canada.


DO WE COLLECT DATA FOR CHILDREN UNDER THE AGE OF 18?

Our services are directed to the public. We do not knowingly collect information from children under the age of 18. If we learn to have inadvertently collected personal information for a child under the age of 18, it will promptly be deleted.

WHO DO YOU CONTACT FOR QUESTIONS OR COMPLAINTS?

If you have any questions or concerns about this policy, or should you wish to review your Personal Information, please contact:

 

Lisa Hallsworth

218 Avonlough Rd.,

Belleville, ON,

K8P 5G4;

privacyinfo@rilleatech.com.

 

If you are not satisfied with our response, you have the right to file a complaint with the appropriate regulatory body such as:

·      Ontario : Office of the Information and Privacy Commissioner of Ontario

·      Quebec: Commission d'accès à l'information du Québec

·      Canada (Federal): Office of the Privacy Commissioner of Canada