Last updated : April 27 th 2023.

With the advent of new technologies it is necessary to pay special attention to the protection of privacy. That is why we, a company legally incorporated under the name « R.I.T.M.A. Inc. », operating under the name « RITMA », domiciliated at 13-200 rue Principale (J0R 1R0), Saint-Sauveur, Québec, Canada (hereinafter « RITMA» or « we »), we are seriously concerned about the privacy of you ("you" or "User") and your personal data.

The privacy policy (the « Policy ») describes:

1. What type of information Una Buro may collect and from whom

2. How we use and share your information and with whom

3. When we do or do not need your consent

4. Your rights concerning your personal data and how to exercise them

5. What are our security safeguards for storing your personal data

6. What other terms and conditions go along with this Policy

7. How we can make changes to this Policy

8. How to reach us with a question, comment or complaint

RITMA will not collect, use or disclose your personal data other than in accordance with this Policy and the applicable laws of Canada and Quebec.

Please read this Policy and our Terms of Use (INSERT LINK) carefully to understand our policies and practices related to your personal data. If you do not agree with our policies and practices, you must stop using our Platform. By accessing or using this Platform, you indicate that you understand, accept and consent to the practices described in this Policy. The Policy may change from time to time. If you continue to use this Platform after we have made changes to the Policy, you are indicating your acceptance and consent to those changes. Whenever possible, we will notify you in advance of any material changes to the Policy.

Scope of the Policy

This Policy applies to the information we collect, disclose, store and otherwise process about you :

- On our website, customer portal and social media pages, accounts, websites, networks or any applications contained therein, designed and operated by RITMA (hereinafter the "Platform").

- In emails, texts, forms and other electronic messages between you and this Platform.

- Through recorded video calls, phone calls or discussions with RITMA employees.

- When you interact with our forms, advertisements and applications on third-party websites and services, if those forms, applications or advertisements contain links to this Policy.

The Platform may include links to third-party websites, plug-ins, services, social networks or applications. Clicking on these links or activating these connections may allow the third party to collect or share personal data about you. If you follow a link to a third-party website or activate a third-party plugin, please note that these third parties have their own privacy policies and we have no responsibility for the privacy practices and policies of third parties. We do not control these third parties and we encourage you to carefully read the privacy policy of each third party you visit.

Please be aware that you may obtain more information about our practices and withdraw your consent at any time, subject to legal and contractual restrictions and reasonable notice, by contacting our Privacy Officer at However, without your consent, RITMA may no longer be able to provide you with the Platform or the services you requested.

Finally, if you provide RITMA or third parties with personal information about another individual, you agree that you have the necessary authorization to do so and/or have obtained all necessary consents from such third parties to allow us to process it in accordance with the Policy.




13-200 rue Principale, Saint-Sauveur (J0R 1R0)

Québec, Canada



5009, BP, Boulevard Georges-Gagné S, Delson (J5B 0A6)

Québec, Canada


Personal data is information that is specifically associated with an individual and can be used to identify that individual, either directly or indirectly, i.e., by combining it with other information held by RITMA or its third party providers.

RITMA may obtain personal data when you save your information on the Platform or, if applicable, by otherwise providing your personal data, including by creating a User account and choosing a password, logging in as a registered User to the Platform, requesting a service, providing account information, or communicating with us by telephone, email or otherwise.

It is important that the personal data we hold about you is accurate and up-to-date. Please keep us informed of any changes to your personal data. You have a legal right to request access to and correction of the personal data we hold about you.

We collect the following information from you :

  • Full names;
  • Age;
  • Sex; and
  • Telephone number;
  • Home address;
  • E-mail address;
  • Location;
  • Login information;
  • Authentication information;
  • Browsing information and behavior.

If you are an employee, we also collect the following information :

  • Bank details ;
  • Social Insurance Number ;
  • Employment and criminal history.
  • If you are a therapist, we also collect the following information:
  • ID;
  • Date of birth ;
  • Fax number ;
  • Copy of diplomas ;
  • Reference;
  • CV ;
  • Employment history ;
  • Immigration status in Canada ;
  • Work permit
  • Membership in a professional order ;
  • Civil or legal lawsuits against you;
  • Professional lawsuits against you;
  • Criminal charges against you;
  • Disbarment or suspension by a professional organization, association or order against you.

Persons from whom this personal data is collected :

The User's personal data may be collected:

  • Directly from you through forms and communications, namely:
    • Registration form for the Platform ;
    • Contact form;
    • Mail communications;
    • Email communications;
    • Your Member Zone on the RITMA Platform;
    • Your user contributions on the Platform
    • Phone; and
    • Opinion survey.
  • By means of cookies
  • Through our payment providers

RITMA's legal basis for processing the User's data may be one or more of the following:

  • User's consent;
  • When it is necessary for RITMA to fulfill its legal obligations;
  • When it is necessary for the execution of a contract between the User and RITMA or before concluding it at the User's request;
  • When it is necessary to safeguard the vital interests of the User or of a third party; or
  • When it is based on a legitimate interest, such as :
    • To ensure the security of the Platform, its network and data;
    • To prevent fraud;
    • For commercial prospecting operations with the User; or
    • For internal administrative management purposes.

For more information on the protection of your personal data and your rights, you can contact the Office of the Privacy Commissioner of Canada or the Commission d'accès à l'information du Québec.


Purposes for which personal data is processed

We process personal data from the User for the following reasons:

  • Creating, using and managing User accounts on our Platform;
  • Establishing and maintaining a commercial relationship with the User;
  • Providing uninterrupted service;
  • Understanding the use of the Platform;
  • Securing the Platform;
  • Analyzing and improving the User experience;
  • Communicating with the User;
  • Developing, improving, marketing or providing the Platform and our products and services;
  • Sending tailored offers and promotions to Users;
  • Maintaining backups of our databases and retaining records;
  • Preventing fraud;
  • Protecting the public and other Users;
  • Establishing, exercising or defending legal claims, whether in a judicial proceeding or in an administrative or extrajudicial proceeding for the protection and enforcement of our legal rights, your legal rights and the legal rights of others
  • Complying with applicable laws and regulations.

Sharing of personal data

RITMA takes the sharing of personal data very seriously. Situations where personal data may be shared with our partners, external websites or integrations on or using our Platform and for law enforcement purposes or legal requests.

The categories of persons to whom User personal data may be transferred are as follows :

  • Payment providers, to process Users' payments;
  • Verification service providers, to ensure the identity of Users;
  • IT service providers, to ensure the operation and security of the Platform;
  • Analysis service providers, to improve the Platform;
  • Providers of professional insurance services in the event of ethical misconduct or fraud;
  • Service providers to ensure compliance with applicable laws and regulations
  • Partners, government agencies and regulatory authorities, judicial bodies, professional bodies, associates, agents, attorneys or other representatives for the purpose of complying with legal obligations to which we are subject or for the establishment, exercise or defense of legal claims, whether in judicial, administrative or extrajudicial proceedings;
  • To any other person as permitted and/or required by law.

The User understands that RITMA may at any time share its personal data in the event of a partial or total transfer of its business to a third party. In such a case, the personal data transferred as an asset of RITMA will be subject to the same safeguards as those in this Policy.

If the User does not want its personal information to be communicated to third parties or partners, it is possible to oppose it at any time by contacting us.


We only use your personal data with your consent or as permitted by law. We obtain your consent to collect, use and disclose your personal information when:

  • you request a product or service
  • we need to use your information for a purpose different from the one for which you have already given your consent
  • you interact with us.

However, we do not obtain your consent for every interaction with you. For example, if we use your personal information for a purpose related to the one for which you have given your consent. In addition, we do not obtain your consent in certain situations provided by law, to:

  • comply with a court order or other binding request
  • enforce a debt
  • investigate a breach of contract or contravention of a law
  • prevent, stop or detect fraud


Your principal rights under data protection law are:

  • The right to access;
  • The right to rectification;
  • The right to de-indexing;
  • The right to restrict processing;
  • The right to object to processing;
  • The right to data portability;
  • The right to complain to a supervisory authority; and
  • The right to withdraw consent.

You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided at cost, but additional copies may be subject to a reasonable fee.

In some circumstances you have the right to the deletion of your personal data without undue delay. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; and the personal data have been unlawfully processed. However, there are exclusions of the right to deletion. The general exclusions include where processing is necessary:

  • For exercising the right of freedom of expression and information;
  • For compliance with a legal obligation; or
  • For the establishment, exercise or defense of legal claims.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes.

If you wish to review, verify, correct or withdraw your consent to the use of your personal data, you may also email us at to request access to, correction of, or deletion of the personal data you have provided to us. We can only delete your personal data by deleting your user account as well. We may not honor a request to change information if we believe that doing so would violate a law or legal requirement or would make the information incorrect. We may charge you a fee for accessing your personal data, but we will inform you of this fee in advance.

You have access to some of your personal data and can change it in your Member Zone on the Platform. We will provide access to your personal data, subject to exceptions set out in applicable privacy legislation. Examples of such exceptions include:

  • Information protected by solicitor-client privilege.
  • Information that is part of a formal dispute resolution process.
  • Information that is about another individual that would reveal their personal data or confidential commercial information.
  • Information that is prohibitively expensive to provide.

If you are concerned about our handling of personal data or if you wish to correct any information you have provided to us, you may contact our Privacy Officer at

Right to withdraw your consent.Where you have provided your consent to the collection, use, and transfer of your personal data, you may have the legal right to withdraw your consent under certain circumstances. To withdraw your consent, if applicable, contact us Please note that if you withdraw your consent, we may not be able to provide you with a particular product or service. We will explain the impact to you at the time to help you with your decision.

Data requests. We may request specific information from you to help us confirm your identity and your rights under applicable privacy laws, and to provide you with the personal data that we hold about you or make your requested changes. After you have proven your rights regarding personal data, we will process your request within 30 days or longer if required by law. You will be notified if the time frame is longer than 30 days.

Applicable privacy laws may allow or require us to refuse to provide you with access to some or all of the personal data that we hold about you, or we may have destroyed, erased, or made your personal data anonymous in accordance with our record retention obligations and practices. If we cannot provide you with access to your personal data, we will inform you of the reasons why, subject to any legal or regulatory restrictions.



The personal data that RITMA collects is kept in a secure environment. RITMA has adopted appropriate measures to maintain the confidentiality of personal data and to protect it from loss or theft, as well as unauthorized access, disclosure, copying, use or modification, taking into account, among other things, the sensitivity of the personal data and the purposes for which it is used. In addition, RITMA requires that each employee, agent or representative of RITMA comply with this Policy.

To ensure the security of the User's personal data, RITMA uses, among others, the following measures :

  • SSL protocols (Secure Sockets Layers);
  • Secure access to offices, servers and computers;
  • Firewalls;
  • Use of password protected data networks;
  • Confidentiality agreements with employees;
  • Canadian server.

RITMA is committed to maintaining a high level of security by integrating the latest technological innovations to ensure the confidentiality of the User's transactions in order to protect its personal data from being accessed, used or disclosed without authorization.

However, since no mechanism offers maximum security, there is always a degree of risk involved when using the Internet to transmit personal information. If a password is used to protect the User's account and personal data, it is the User's responsibility to ensure that it is kept confidential.

RITMA maintains a privacy breach registry and will contact any User whose personal data is the subject of a privacy breach that poses a risk of serious harm.


The User's personal data will not be retained beyond the purposes for which it was collected. RITMA respects the retention period of personal data in accordance with the Privacy Act. Personal data is kept for as long as it is needed for the purpose for which it was collected.

Please contact our Privacy Officer for further details on the retention periods for specific personal data.



RITMA complies with the requirements of the Canadian Anti-Spam Act (CASL). The user understands that he/she may expressly or implicitly consent to receive messages from RITMA.

To unsubscribe from our electronic communication mailing list, simply click on the "Unsubscribe" button at the bottom of our electronic messages. Please note that each time we send you an e-mail, we give you the opportunity to unsubscribe from our mailing list.

Automated decision making

RITMA does not process any personal data by automated means and we do not use your personal data for automated decision making.

Minors under 18 years of age

Our Platform is not intended for persons under the age of 18. No person under the age of 18 may provide data to or on the Platform without parental consent. If you are under 18 years of age, do not use or provide data on this Platform or on or through any of its features. Do not register on the Platform, make purchases through the Platform, use the interactive or public comment features of this Platform, or provide us with any information about yourself, including your name, address, telephone number, email address or username that you may use.

In addition, if we learn that we have collected or received personal data from minors under the age of 14 without parental consent, we will delete that information. If you believe that we have information about someone under the age of 14, please contact us at

Applicable law

This Policy is governed by the applicable laws of Quebec and Canada. These laws apply without giving effect to any principles of conflict of laws.


Each provision of this Policy forms a separate whole so that any determination by a court that any provision of this Policy is void or unenforceable shall not affect the validity or enforceability of the remaining provisions of this Policy.


We will occasionally update this Policy. Your continued use of the Platform constitutes your agreement to this Privacy Policy and any updates. If we make material changes to the way we treat our users' personal data, we will notify you by email to the address listed in your account or by a notice on the Platform's home page.

However, where the Consumer Protection Act applies, RITMA will notify Platform Users thirty (30) days prior to the effective date of the change. If the User refuses these modifications and wishes to terminate the contract, it will have no more than thirty (30) days following the entry into force of the modifications to send a notice to RITMA and terminate, without charge or penalty, its obligations to RITMA.


You may exercise your rights under this Policy or direct any other questions or complaints about RITMA's privacy practices to us by contacting us at:

By mail at :


Privacy Officer

13-200 rue Principale, Saint-Sauveur (J0R 1R0)

Québec, Canada

By email at:

We have procedures in place to receive and respond to complaints or inquiries regarding our handling of personal data, our compliance with this Policy and applicable privacy laws. To discuss our compliance with this Policy, please contact our Privacy Officer using the contact information provided above.