Sinistar Inc. (“Sinistar”, “we”, “us”, “our”) is a platform dedicated to facilitating the relocation of disaster-affected individuals by connecting them with hosts who own comfortable accommodation near their homes. The respect for your privacy and the protection of your personal information are of paramount importance to us.
This Privacy Policy (the “Policy” ) is designed to help you understand how we collect, use, and disclose your personal information. Sinistar may need access to certain personal information about you, including through your interactions with our post-disaster relocation services and our websites ("Website"), applications, products, or services (collectively, the "Sinistar Services").
By providing us with personal information (through our website, via our applications, by email, or by phone), you consent to the processing of such information in accordance with this Policy, and you authorize Sinistar, its third parties, and service providers to process your information for the purposes outlined below.
This Policy does not apply to third-party websites that may be accessed by clicking on links found on this website, and Sinistar is not responsible for such third-party websites. If you follow a link to a third-party website, it will have its own privacy policies that you should review before submitting any personal information.
For the purposes of this Privacy Policy, "personal information" refers to any information about an individual that can be used to identify them, either individually or in combination with other information. Generally, personal information does not include your professional contact details such as your name, title, work address, or work phone number.
In the course of our interactions with you, whether through the provision of Sinistar Services and other related services, during our activities, or when you communicate with us, Sinistar may collect your personal information. The personal information we collect is necessary to provide you with the requested services. This includes, but is not limited to, the following information:
Account and Profile Creation: When you register for an account, Sinistar may collect personal information such as your contact details (name, email address, phone number), information to better understand you, and information about your preferences, such as your preferred language. Some types of accounts may also allow users to enter a profile picture, a display name, location, and similar information.
User-Generated Content: Sinistar Services may collect the content you create and submit, such as information from your listings (photos, addresses, descriptions), feedback, comments, and ratings.
Content Provided in a Support Context: By using Sinistar Services, you may interact with us if you need support or simply wish to learn more about Sinistar Services. In doing so, you may submit contact details such as a name, email address, phone number, or address to our team to identify you and better assist you.
Payment Information: Sinistar may collect billing-related information and financial information, such as the name and contact details of the billing contact, billing address, and banking information or payment data.
Recruitment Information: Sinistar may collect information about current and potential employees, contractors, and individuals with professional experience. For example, a resume, information about educational background, third-party references, banking details, individual tax numbers, certain health information, or other information relevant to potential recruitment.
Device Information: Sinistar collects information about the devices used to connect to Sinistar Services or interact with them. This information may include the type of device used, the type of connection used to access Sinistar Services, the user's IP address, browser type, and device identifier. This information may be used to determine your approximate location to offer a better experience.
Use of Sinistar Services: Sinistar collects information about you when you interact with our online content. This information may include the features used, links clicked, and other similar information.
Cookies: Please refer to Section 11 to learn more about how we manage cookies.
And any other personal information provided. Please note that if you provide us with personal information about other individuals (such as your administrators, executives, insured individuals, etc.), you must ensure that you have duly informed them that you are providing us with their information and have obtained their consent to such disclosure of information.
We do not knowingly collect information from children or other individuals under the age of 16. If you are a minor under the age of 16, please do not provide us with personal information without the express consent of a parent or guardian. If you are a parent or guardian and you know that your children have provided us with personal information, please contact us. If we learn that we have collected personal information from minors without verification of parental consent, we will take steps to delete this information from our servers.
We collect personal information directly from the individual concerned whenever reasonably possible.
That being said, we may obtain personal information about you from a number of independent private and public sources (including social networks, certain contractors, service providers, and business partners).
Among the circumstances in which we may collect personal information about you are:
When you communicate with us (in writing, by email, by phone, or via our online chat system);
Through a temporary housing inquiry form or a contact form on the Sinistar website;
When you create an account;
When you apply for a job or any work experience or accept a job offer from us;
Through cookies;
When you enter into a contract with us.
Sinistar collects, uses, and discloses personal information for the purposes determined at the time of collection or as permitted or required by regulation. This includes, but is not limited to, the following objectives:
Opening a file and processing Sinistar Service requests or responding to inquiries;
Providing you with Sinistar Services and for conducting our business - to administer and fulfill our services, including performing our obligations arising from any agreement between you and us;
Authenticating users of our websites;
Communicating with you regarding your account and providing customer service as needed;
Processing payments or receiving payment in connection with Sinistar Services;
Facilitating the use of our websites and ensuring that content is relevant and presented in the most effective manner for you and your device;
Managing and improving our services;
Providing you with information related to Sinistar Services, updates, new features, important account information, or other written communications such as a newsletter;
Gathering your opinion on Sinistar Services - to conduct analyses to better understand our clients' service requirements and to better understand our business and improve our services;
For recruitment purposes - to enable us to process job applications and assess whether a person meets the requirements of the position for which they may apply at Sinistar;
Ensuring we get paid - to recover payments owed to us and, if necessary, to enforce such recoveries or take other legal means (including initiating legal proceedings);
Processing and resolving complaints;
Meeting our legal, regulatory, or risk management obligations;
Preventing fraud and/or conducting other background checks that may be required at any time under applicable law or regulation and/or best practices (if false or inaccurate information is provided or if fraud is detected or suspected, information may be transmitted to fraud prevention agencies and may be recorded by us or by such agencies);
Enforcing our rights, complying with our legal or regulatory obligations regarding information disclosure, and/or protecting the rights of third parties.
In accordance with the applicable data protection laws in the European Economic Area and the United Kingdom, Sinistar collects and processes personal information about individuals under various legal bases, depending on the reason for such collection or processing. Sinistar will only collect, process, or use your personal information if one of the following conditions is met:
Personal information is necessary to provide you with Sinistar services, such as support services, to offer a personalized experience, and to ensure the security of Sinistar services;
You have consented to the processing of your personal information for one or more specific purposes;
Processing of your personal information is necessary to comply with a legal obligation;
Processing of personal information is justified by a legitimate interest of Sinistar (which does not override your data protection interests) or to protect the legal rights and interests of Sinistar.
If a user has consented to the use of their personal information by Sinistar, they can withdraw their consent at any time, although this does not affect processing that took place before the withdrawal. When Sinistar processes a user's personal information because it relies on its legitimate interests, objecting to the processing may mean that the user will no longer be able to use or access the services or the website.
To provide you with Sinistar Services, we may need to share the personal information we collect with certain third parties. Sinistar does not rent or sell any of your personal information to third parties and will not share it with third parties without your consent, unless required by law or necessary for the purposes outlined below:
Other members. Sinistar may share some of your personal information with other Sinistar members (hosts, disaster victims, disaster experts) as part of a relocation. Disclosure is limited to what is strictly necessary.
Our partners or service providers. Sinistar may engage partners or service providers to facilitate its operations (security, hosting, data analysis, payment processing, email updates, customer support, etc.). In the course of these business activities, Sinistar service providers may have access to your personal information to use it for a limited period within the scope of these business activities. We limit the information we provide to these service providers to only the information that is reasonably necessary for them to perform their functions.
When required by applicable law. For example, to government authorities and law enforcement agencies when required by applicable laws. For clarity, we may disclose personal information and other information if we are required to do so by law or if we believe in good faith that such disclosure is necessary to comply with applicable laws, in response to a court order or subpoena, or government search warrant, or otherwise to cooperate with such government authorities and law enforcement agencies.
During business transactions. We may share your personal information without your authorization when our business activities require it (in the case of a merger, acquisition, bankruptcy, or sale of assets, for example). For such an event, we may also share all or part of your personal information with the relevant third party (or its advisors) as part of a due diligence process.
Other authorized communications. If applicable laws permit us, we may also disclose your personal information when you have consented to such disclosure; when you reasonably expect us to use or disclose your personal information in a certain way; when the disclosure is one of the purposes for which the information was obtained or is directly related to the purposes for which the information was obtained; when the source of the information is a publicly available publication and, in the particular circumstances, it would not be unfair or unreasonable to disclose the information.
Personal information is retained for as long as necessary for the purposes outlined in this policy and to ensure compliance with our legal, tax, or regulatory obligations. After this period, any information held by Sinistar will be destroyed, deleted, or anonymized in accordance with Sinistar's data retention policy.
Sinistar has implemented security measures to protect your personal information in accordance with generally accepted security standards in the industry. Sinistar has established systems, policies, and technical, organizational, and administrative procedures to help ensure the security, integrity, and confidentiality of personal information and to mitigate the risk of unauthorized access to or use of such personal information, including:
Appropriate backup measures and other security measures designed to ensure the security and confidentiality of the personal information we manage;
Proper internal practices, including, but not limited to, data encryption in transit, the use of appropriate firewalls and antivirus software, password access controls, and secure servers;
Permission for access to systems and applications only by authorized users who access them only when necessary in the performance of their duties (principle of least privilege);
We regularly review our security arrangements to ensure that we take reasonable and technically feasible measures available at that time to protect your personal information;
We raise awareness among our employees about the importance of preserving the confidentiality of personal information, and we exercise caution when disposing of or destroying personal information to prevent unauthorized access. Employees also undergo cybersecurity training to raise awareness on this matter.
Sinistar has obtained its SOC 2 (Service Organization Control) attestation.
That being said, no method of Internet transmission or electronic storage is 100% secure. Therefore, we cannot assure or guarantee the security of the information you transmit to us or provide to us, and you do so at your own risk. We also cannot guarantee that such information will not be accessed, obtained, disclosed, altered, or destroyed as a result of a breach of our physical, technical, or administrative protection measures. If you have reason to believe that personal information has been compromised, please contact us using the contact information provided in Section 12.
Under applicable laws, you may have the right to access your personal information or have it corrected, the right to its accuracy, the right to withdraw your consent to the communication or use of the collected personal information, the right to erasure, restriction, transfer of personal information, the right to object to the processing of personal information or automated decision-making, and the right to non-discrimination in exercising these rights.
To exercise any of these rights (to the extent you are entitled to), please submit your request to us by writing to the Data Protection Officer, as indicated in Section 12. Depending on the right exercised, we will inform you of the procedure to follow, the processing time, and the necessary information. We will endeavor to process your request within a reasonable time. We may charge a fee to cover the costs of processing your request if it is unfounded or excessive.
Unless the law requires or permits us to refuse to do so, we will provide you, upon request, with details of the personal information we have collected about you, or we will update and correct your personal information in accordance with your request. When we are also required by applicable law to provide additional information about the use or disclosure of your personal information, we will do so upon your request.
If we refuse to grant you access to your personal information, to correct or delete it as requested, or if we do not respond to your requests, we will inform you. In such cases, we will communicate the reasons for our decision and the mechanisms available to challenge the refusal. If the refusal concerns a request to correct your personal information, you may make a statement about the requested modification, and we will include it in your file.
In certain circumstances, and subject to contrary legal obligations, we may not be able to grant access to your personal information or respond to your requests regarding your Personal Information, for example, if your request is frivolous, if your information is not retrievable, if your request is reasonably likely to constitute a serious threat to the security of a person or the public, etc.
When users visit the website, Sinistar may collect technical information using electronic means such as cookies. We use the term "cookies" in this Policy to refer to all files that collect information in this way. This information may include data about your visits to the website, including your computer's IP address and the browser used to view the website, operating system, screen resolution, approximate location, browser language settings, number of pages viewed, information entered, etc. This data is used to measure and improve the effectiveness of the website or to enhance your user experience. Although most of the time this information is depersonalized, if this information is linked to an identifiable person, Sinistar will treat this information as personal information.
These cookies are necessary for the website to function and cannot be disabled in our systems. They are usually set in response to actions you have taken that constitute a request for services, such as setting your privacy preferences, logging in, or filling out forms. You can configure your browser to block or be notified of the existence of these cookies, but some parts of the website may be affected. These cookies do not store any personally identifiable information.
These cookies enable us to improve and personalize the functionality of the website. If you do not accept these cookies, some or all of these services may not function properly.
These cookies allow us to determine the number of visits and sources of traffic in order to measure and improve the performance of our website. They also help us identify the most/least visited pages and evaluate how visitors navigate the website. All information collected by these cookies is aggregated and therefore anonymized. If you do not accept these cookies, we will not be informed of your visit to our site.
You can block the use of cookies via the cookie banner on websites or through your browser settings. The "Help" function on most browsers will show you how to prevent your browser from accepting new cookies, how to request the browser to notify you when cookies are issued, or how to completely disable cookies. If you choose to completely disable cookies, you may not be able to fully enjoy all the features offered by the websites.
Your personal information is currently hosted in Canada, specifically in Montreal, Quebec.
Your personal information may be disclosed to service providers located outside of Canada (including outside of the province of Quebec) which may include technology service providers, data storage providers, customer service management providers, and email providers to carry out specific mandates in the normal course of business.
Therefore, it is possible that some of your personal information may be transferred outside of your province, territory, state, or country of residence. In such cases, we will ensure that your personal information is transferred to countries that have received an adequacy decision from the competent authority, or that your personal information is adequately protected by technical, organizational, contractual, or other appropriate legal means.
You agree and acknowledge that foreign recipients of your personal information will also be subject to the privacy laws of their local jurisdiction. These foreign privacy laws may be different:
(if located in Canada) the Personal Information Protection and Electronic Documents Act, the privacy principles set out in this law, and applicable provincial privacy legislation;
(if located in Europe) the General Data Protection Regulation (“GDPR”);
(if located in the United States) state laws regarding data that are applicable; or
(in other jurisdictions where we operate) other applicable laws relating to data protection.
You acknowledge and accept these international transfers of data and information regarding the Personal Information described above.
To ask questions or provide feedback regarding this Privacy Policy or personal information, to exercise your rights, to file a complaint, or to obtain information about our policies and practices regarding our service providers outside of Canada, please contact us at:
Sinistar Inc.
Attn: Data Protection Officer (DPO)
433 Blvd St-Joseph East Montreal (Quebec) Canada H2J 1J6
Email: support-legal@sinistar.ca
We frequently review this Privacy Policy to keep it up-to-date in accordance with applicable laws, new technologies, standards, customer concerns, and our business activities. If significant changes are made to this Policy, update notices (such as online notices or emails) may be used to notify you of these changes. Otherwise, posting the revised Privacy Policy on the Sinistar Services will be deemed sufficient notice to you, and by continuing to use Sinistar services or by submitting personal information to us, you consent to any changes to our Privacy Policy.