Book a free consultation

Ready to start learning about the benefits of going digital for better Food Safety Management

Learn More

Privacy Policy

  • Home
  • Privacy Policy
about

Effective Date: October 15, 2018
Last Updated: February 11, 2023

 

At NORMEX, we are committed to protecting your privacy and maintaining the trust of our clients. This Privacy Policy outlines how we collect, use, store, share, and safeguard your data. It also describes your rights, our responsibilities, and the boundaries around how your data is managed in the context of food safety compliance and digital operations.

1. Scope and Applicability

This Privacy Policy applies to all users of NORMEX services, including our web platform, mobile interfaces, and any integrated tools (collectively, the “Service”). By using the Service, you consent to the terms of this Privacy Policy.

2. Information We Collect

We collect and process the following categories of information:

a. Information You Provide

Business Information: Company name, contact info, facility details

Operational Content: SOPs, Preventive Control Plans (PCPs), checklists, audit data

Account Info: Emails, names, usernames, passwords

Billing Info: Payment information via secure third-party processor

b. Automatically Collected Data

- IP addresses, device types, operating systems, and browser types

- Usage data (logs, timestamps, error reports)

- IoT sensor data (if applicable)

3. Purpose of Data Use

Your data is used solely for the following:

- To deliver and operate the Service

- To support audit readiness and food safety compliance

- To provide reports, dashboards, alerts, and insights

- To respond to support requests

- To analyze system performance and improve service

- To comply with applicable laws and industry regulations

4. Hosting, Security & Compliance

Your data is hosted on GoDaddy secure infrastructure, which includes:

- Tier 3+ data center physical security

- Encrypted storage and secure server environments

- End-to-end encryption for data in transit (TLS 1.2+) and at rest (AES-256)

- Daily backups and routine vulnerability assessments

We align with the following industry frameworks:

- ISO/IEC 27001

- SOC 2 Type II

- GDPR

- Canada’s PIPEDA

5. Data Retention

All customer data—including operational records, food safety documentation, audit trails, and related metadata—is retained for a minimum of three (3) years after the date of creation or the end of the contract, whichever is later.

After this period, data will be securely deleted unless otherwise required by law or specifically requested in writing by the customer.

Customers may request early deletion or archival services subject to contract terms.

6. Service Levels, Uptime & Backups

Uptime Guarantee: 99.5% availability per calendar month

System Monitoring: 24/7 monitoring with real-time alerts

Backups: Daily backups retained for 30 days; full platform recovery available with a Recovery Point Objective (RPO) of 24 hours and Recovery Time Objective (RTO) of 12 hours

Export Rights: Customers may download and export their data at any time

7. Intellectual Property & Data Ownership

a. Customer Data

All documents, templates, records, and information entered by you or your users remain your exclusive property.

b. Licensed Materials

We provide pre-built regulatory documents, checklists, and templates (the “Licensed Materials”). While we maintain them to reflect industry best practices, we do not warrant their legal or regulatory completeness or accuracy. Customers are responsible for reviewing these materials before implementation.

c. IP Rights

NORMEX retains ownership of its platform code, designs, and proprietary software features. You retain all rights to your operational data and records.

8. Data Usage Restrictions

We do not use your data to train AI models or algorithms.

We do not share, resell, or license your data to third parties.

We do not use your documents or materials for internal marketing, development, or benchmarking.

Access to your data is strictly controlled and audited. Only authorized NORMEX personnel may access it when required for support or legal reasons and with your knowledge.

9. Termination and Data Export Rights

Upon termination of your agreement:

- You may request a full export of your data in a structured, machine-readable format (CSV or JSON).

- We retain a secure copy of your data for 30 days post-termination unless otherwise instructed.

After that, all data will be permanently deleted from our servers.

10. Representations and Warranties

We warrant that our software will perform in material accordance with the documentation.

Our hosting infrastructure (GoDaddy) adheres to industry security standards.

Licensed Materials are provided “as is” and “as available,” without warranties of regulatory or legal compliance.

11. Indemnification

NORMEX will indemnify you for:

Data breaches resulting from gross negligence or willful misconduct

Breach of data protection commitments or licensing misrepresentations

You agree to indemnify NORMEX for:

Misuse of the platform

Violation of laws or third-party rights using the Service

12. Dispute Resolution

All disputes shall first be addressed through good-faith mediation.

If unresolved, parties agree to binding arbitration through a mutually agreed tribunal.

The governing law shall be the province of Quebec, Canada, and proceedings will take place in Montreal.

Both parties are responsible for their own legal fees unless otherwise awarded.

13. Your Rights

You may request to:

- Access or update your data

- Restrict or object to processing

- Request data deletion or export

- File a complaint with your Data Protection Authority (DPA)

- To exercise any of these rights, contact us at info@normex.ca.

14. Contact Information

NORMEX Inc.
Attn: Privacy Officer
28 rue Du Fanion Gatineau, QC J9J 2S7
Email: privacy@normex.ca
Phone: +1 (888) 918-4718