SiFi Labs

Data Privacy Policy

Who is the controller for the data processing and who can I contact?

The controller is:

SiFi Labs
290 rue Lavigueur,
Québec, QC, Canada

Contact information for the controller is:

Opt-in for updates and e-mail contact

  1. On our website, there is the option to be notified when updates are available. When registering for this option, your consent is obtained during the registration process. There is no disclosure to third parties in connection to the data processed to send updates. If you have registered for updates the legal basis of the processing is considered to be Article 6 (1) (a) of the GDPR.
  2. On our website, there is the possibility to reach out by e-mail to communicate with us directly. The legal basis for processing the data which is transferred in the course of sending an e-mail to the company is Article 6 (1) (f) of the GDPR. We only process the personal data that is needed to handle the contact enquiry.
  3. At the time of registration/contact, the following data is stored:
      1. The user’s e-mail address
      2. The time and date of registration/contact
  4. Depending on the legal basis of the processing, you may at anytime withdraw your consent or protest the processing of the data. In such cases, your data will be erased, and communication cannot be continued.

Information stored to perform contractual commitments

Data may be processed in the course of performing contracts with you as our customer to take measures prior to entering a contract, to formalize a contract, fulfill the contractual commitments or complete any follow-up required to uphold the contractual commitments. The legal basis for the processing of this data is Article 6(1) (b) of the GDPR.

Rights of the data subject

Right of access

Each data subject has the right to obtain information about the personal data being processed by the controller and access to the following categories:

      • the purposes of the processing;
      • the categories of personal data concerned;
      • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
      • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
      • the existence of the right to request from the controller rectification or erasure of personal data, or restriction of processing of personal data concerning the data subject, or to object to such processing;
      • the existence of the right to lodge a complaint with a supervisory authority;
      • where the personal data are not collected from the data subject, any available information as to their source;
      • the existence of automated decision-making, including profiling, referred to in Articles 22 (1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.
Right to rectification
      • Each data subject has the right to rectification of inaccurate personal data concerning him or her. This includes the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to erasure

Each data subject has the right to have data stored about him or her erased without undue delay. The controller has the obligation to erase personal data without undue delay if one of the following grounds applies, as long as the continued processing is not necessary:

    • The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
      The data subject withdraws consent to which the processing is based according to Article 6 (1) (a) of the GDPR and where there is no other legal ground for the processing.
    • The data subject objects to the processing pursuant to Article 21 (1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21 (2) of the GDPR.
    • The personal data have been unlawfully processed.
    • The personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
    • The personal data have been collected in relation to the offer of information society services referred to in Article 8 (1) of the GDPR.
Right to object

Each data subject has the right to object on grounds relating to his or her particular situation to the processing of personal data concerning him or her when the processing is based on Article 6 (1) (e) or (f) of the GDPR.

Right to withdraw consent

When the legal basis for the processing of the data is Article 6 (1) (a) of the GDPR, the data subject has the right to withdraw consent to the processing. Following this, we will erase any personal data stored based on this legal ground.

Our security measures and information about when we delete data

We take steps to protect your personal data from unauthorized access and against unlawful processing, accidental loss, destruction and damage. We only store your personal data for as long as it is necessary for the purpose it was collected. Unfortunately, the transmission of information via the internet is not completely secure, and although we take steps to protect your data, we cannot guarantee the security of your personal data. If any breach is detected on our end, we will evaluate the severity of the risk to the rights and freedoms of our customers and notify them accordingly. We routinely evaluate how to ensure the security of your data to the best of our capabilities and in accordance with industry standards.


SiFi Labs does not make money from ads, and we do not display ads on the website. Therefore, we do not collect data to advertise to you. The data we store is solely related to communication regarding our products and contracts with our customers.

Is there automated decision-making or profiling?

No, we do not use fully automated decision-making or profiling as described in Article 22 of the GDPR.