{"id":23926,"date":"2026-02-16T19:52:37","date_gmt":"2026-02-16T19:52:37","guid":{"rendered":"https:\/\/valoraestate.com\/security-and-privacy\/"},"modified":"2026-03-30T12:29:39","modified_gmt":"2026-03-30T12:29:39","slug":"security-and-privacy","status":"publish","type":"page","link":"https:\/\/valoraestate.com\/en\/security-and-privacy\/","title":{"rendered":"Security and Privacy"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-page\" data-elementor-id=\"23926\" class=\"elementor elementor-23926 elementor-22699\" data-elementor-post-type=\"page\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-38a0313b elementor-section-boxed elementor-section-height-default elementor-section-height-default sc_fly_static\" data-id=\"38a0313b\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-extended\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-52476443 sc_content_align_inherit sc_layouts_column_icons_position_left sc_fly_static\" data-id=\"52476443\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-734b6ef sc_fly_static elementor-widget elementor-widget-heading\" data-id=\"734b6ef\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Security and Privacy<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6351d37f sc_fly_static elementor-widget elementor-widget-text-editor\" data-id=\"6351d37f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p class=\"p1\"><b>Section 1 \u2014 Scope and Definitions<\/b><\/p><p class=\"p1\"><b>1.1 Document Scope<\/b><\/p><p class=\"p1\">This <b>Security &amp; Privacy<\/b> page describes, at a <b>general and public<\/b> level, the measures and principles applied by <b>Valora Estate Concierge Inc.<\/b> (&#8220;<b>VALORA<\/b>&#8220;) to protect the information and records processed within the scope of:<\/p><ul class=\"ul1\"><li class=\"li1\">the use of the <b>valoraestate.com<\/b> website (&#8220;the <b>Site<\/b>&#8220;), including contact\/quote forms and related communications;<\/li><li class=\"li1\">the provision of <b>post-mortem<\/b> services (access &amp; securing, on-site inventory, disposal\/storage, liquidation, final report);<\/li><li class=\"li1\">the provision of <b>lifetime<\/b> services (living estate file: estate inventory, document index, access and key register, update plan, handover protocol).<\/li><\/ul><p class=\"p1\">This page is intended to explain <b>how<\/b> we approach security and privacy, <b>without<\/b> replacing our <b>Privacy Policy<\/b>, which specifies the categories of personal information, purposes, disclosures to third parties, retention periods, and applicable rights.<\/p><p class=\"p1\"><b>1.2 Applicable Framework (Summary)<\/b><\/p><p class=\"p1\">VALORA operates in Quebec. The protection of personal information held, used, or disclosed in the course of business operations is notably governed by the <b>Act respecting the protection of personal information in the private sector (P-39.1)<\/b> (often associated with &#8220;Bill 25&#8221; for its amendments). <\/p><p class=\"p1\">Methodological note: security is implemented according to a logic of <b>reasonable measures<\/b> proportionate to the sensitivity of the information and the context of use, in accordance with the framework of the Private Sector Act.<\/p><p class=\"p1\"><b>1.3 Definitions (for reading this page)<\/b><\/p><p class=\"p1\">For the purposes of this page:<\/p><ul class=\"ul1\"><li class=\"li1\"><b>Personal Information<\/b>: information concerning a natural person that allows them to be identified, directly or indirectly (e.g., contact details, financial information, information related to an estate file, etc.), according to the meaning recognized in Quebec law applicable to the private sector.<\/li><li class=\"li1\"><b>Record<\/b>: all information (documents, photos, inventory, reports, communications) relating to a mandate entrusted to VALORA (post-mortem or living estate file).<\/li><li class=\"li1\"><b>Confidentiality Incident<\/b>: an event involving, for example, unauthorized access, unauthorized use, unauthorized disclosure, or loss of personal information. The Private Sector Act provides a management framework and, in certain cases, the obligation to notify or keep a register regarding incidents. <\/li><li class=\"li1\"><b>Supplier \/ Subcontractor<\/b>: third party that may provide technological or operational services (e.g., hosting, storage, signing, transport, warehousing, specialized services) within the scope of a mandate, according to applicable authorizations and the governance provided in the record.<\/li><li class=\"li1\"><b>Security Measures<\/b>: administrative, physical, and technological controls designed to protect the confidentiality, integrity, and availability of information (e.g., access control, logging, backups), described here in general terms.<\/li><li class=\"li1\"><b>Technological Means<\/b>: notably a website, an online form, or an application, through which personal information may be collected; the CAI emphasizes the importance of clearly written and publicly accessible policies when collection occurs through these means.<\/li><\/ul><p class=\"p1\"><b>Section 2 \u2014 Security Commitments (General Framework)<\/b><\/p><p class=\"p1\"><b>2.1 Guiding Principle: \u201cReasonable\u201d and Proportionate Measures<\/b><\/p><p class=\"p1\">VALORA implements <b>security measures designed to ensure the protection<\/b> of personal information collected, used, disclosed, stored, or destroyed. These measures are designed to be <b>reasonable and proportionate<\/b>, particularly based on: <\/p><ul class=\"ul1\"><li class=\"li1\">the <b>sensitivity<\/b> of the information (e.g., financial information, estate documents, photos, inventories);<\/li><li class=\"li1\">the <b>purpose<\/b> of use;<\/li><li class=\"li1\">the <b>quantity<\/b> and <b>medium<\/b> (paper\/digital) of the information;<\/li><li class=\"li1\">the operational context (on-site, multi-stakeholder, urgency, etc.).<\/li><\/ul><p class=\"p1\">Important: &#8220;zero risk&#8221; security does not exist. Our commitment is part of a structured and proportionate approach, focused on prevention, detection, response, and continuous improvement. <\/p><p class=\"p1\"><b>2.2 Governance: Responsibilities, Policies, and Internal Practices<\/b><\/p><p class=\"p1\">VALORA frames the protection of personal information through <b>governance policies and practices<\/b> aimed at ensuring its protection throughout its lifecycle. These policies and practices notably cover: <\/p><ul class=\"ul1\"><li class=\"li1\"><b>retention<\/b> and <b>destruction<\/b>;<\/li><li class=\"li1\">the <b>roles and responsibilities<\/b> of staff members;<\/li><li class=\"li1\">internal mechanisms for <b>handling complaints<\/b> related to the protection of personal information.<\/li><\/ul><p class=\"p1\">VALORA also designates a <b>personal information protection officer<\/b>, whose identity and contact details must be made accessible (notably via the Site, where applicable).<\/p><p class=\"p1\"><b>2.3 Minimization and \u201cNeed-to-Know\u201d<\/b><\/p><p class=\"p1\">VALORA applies a discipline of <b>minimization<\/b>: collecting and using only the information necessary to perform the mandate, while avoiding over-collection. This approach is combined with a <b>need-to-know<\/b> principle: <\/p><ul class=\"ul1\"><li class=\"li1\">limited access for individuals who need to access information to perform the mandate;<\/li><li class=\"li1\">segmentation of information when relevant (e.g., separate access to sensitive documents);<\/li><li class=\"li1\">framing of internal and external communications based on role and scope.<\/li><\/ul><p class=\"p1\"><b>2.4 Traceability and Operational Discipline<\/b><\/p><p class=\"p1\">In estate mandates, VALORA prioritizes a logic of traceability, notably through:<\/p><ul class=\"ul1\"><li class=\"li1\"><b>logging<\/b> and registers when required by the mandate (e.g., site access, key handover);<\/li><li class=\"li1\">structured deliverables (exportable inventory, indexed photo album, decision log), to reduce grey areas and improve governance.<\/li><\/ul><p class=\"p1\">This traceability aims for operational and evidentiary clarity, while remaining consistent with minimization (retaining only what is justified by the purpose of the mandate).<\/p><p class=\"p1\"><b>2.5 Security Culture: Awareness and Continuous Improvement<\/b><\/p><p class=\"p1\">VALORA aims to maintain a security culture adapted to on-site realities and sensitive records, by:<\/p><ul class=\"ul1\"><li class=\"li1\"><b>raising staff awareness<\/b> of best practices (confidentiality, communication prudence, document handling);<\/li><li class=\"li1\">reviewing and adjusting practices when risks are identified;<\/li><li class=\"li1\">a logic of continuous improvement (e.g., updating procedures as tools or threats evolve).<\/li><\/ul><p class=\"p1\"><b>Section 3 \u2014 Access Controls, Identity, and Logging<\/b><\/p><p class=\"p1\"><b>3.1 Principle: \u201cLeast Privilege\u201d and Separation of Roles<\/b><\/p><p class=\"p1\">VALORA applies the principle of <b>least privilege<\/b>: each person accesses only the information necessary to perform their tasks, for the required duration. Accesses are structured by <b>roles<\/b> (e.g., field, coordination, administration) and adjusted according to the sensitivity of the record. <\/p><p class=\"p1\">This approach is part of the obligation to protect personal information through reasonable security measures (particularly based on its sensitivity and context).<\/p><p class=\"p1\"><b>3.2 Identity Management and Authentication<\/b><\/p><p class=\"p1\">When technological tools are used (e.g., storage, document sharing, signing, record management), VALORA prioritizes:<\/p><ul class=\"ul1\"><li class=\"li1\"><b>named<\/b> identifiers (no shared accounts, where possible);<\/li><li class=\"li1\">enhanced authentication mechanisms (<b>MFA<\/b>) when available and proportionate to the risk;<\/li><li class=\"li1\">a discipline of identifier management (creation, deletion\/deactivation, reset) to limit the risk of unauthorized access.<\/li><\/ul><p class=\"p1\">The exact measures vary depending on the tool and the scope of the mandate, but the logic remains: controlled, traceable, and reviewable access.<\/p><p class=\"p1\"><b>3.3 Access Controls for Records and Data (Digital)<\/b><\/p><p class=\"p1\">VALORA structures access to records and documents according to:<\/p><ul class=\"ul1\"><li class=\"li1\"><b>rights per record<\/b> (e.g., record A \u2260 record B);<\/li><li class=\"li1\">limitation of external sharing (e.g., controlled links, identified recipients);<\/li><li class=\"li1\">separation, when relevant, between:<br><ul class=\"ul1\"><li class=\"li1\">operational management documents (inventory, indexed photos, reports),<\/li><li class=\"li1\">highly sensitive documents (e.g., certain financial information), with restricted access.<\/li><\/ul><\/li><\/ul><p class=\"p1\">The objective is to avoid &#8220;implicit access&#8221; and maintain consistency between the purposes of the mandate and the access granted.<\/p><p class=\"p1\"><b>3.4 Physical Access Controls (On-site) and \u201cChain of Custody\u201d<\/b><\/p><p class=\"p1\">On-site, VALORA applies access control practices adapted to estate mandates:<\/p><ul class=\"ul1\"><li class=\"li1\"><b>key register<\/b> (who holds what, handover\/return dates, restrictions);<\/li><li class=\"li1\"><b>access log<\/b> (who entered, when, why), when the context justifies it;<\/li><li class=\"li1\"><b>basic instructions<\/b> aimed at reducing ambiguities when multiple people are involved.<\/li><\/ul><p class=\"p1\">These mechanisms aim to reduce grey areas regarding access and support traceability, while remaining proportionate to the record (avoiding unnecessary over-documentation).<\/p><p class=\"p1\"><b>3.5 Logging: Purpose, Minimization, and Duration<\/b><\/p><p class=\"p1\">When logging is implemented (depending on the tool and the record), VALORA aims for <b>useful<\/b> logging:<\/p><ul class=\"ul1\"><li class=\"li1\">to detect and understand unauthorized access or anomalies;<\/li><li class=\"li1\">to support operational traceability (what was done and when).<\/li><\/ul><p class=\"p1\">Logs are retained based on a logic of <b>necessity<\/b> and <b>minimization<\/b> and should not become a disproportionate collection of information. The exact parameters (log type, duration) are adjusted based on risk, sensitivity, and context. <\/p><p class=\"p1\"><b>3.6 Access Review and Withdrawal<\/b><\/p><p class=\"p1\">VALORA aims to:<\/p><ul class=\"ul1\"><li class=\"li1\">review access when the scope changes (new milestone, new supplier, change of role);<\/li><li class=\"li1\">withdraw or deactivate access when not required (end of mandate, staff change, etc.).<\/li><\/ul><p class=\"p1\">This discipline reduces the risks of residual access and supports overall compliance with the principle of information protection.<\/p><p class=\"p1\"><b>Section 4 \u2014 Encryption, Backups, and Continuity (Realistic Level, Without Over-Promising)<\/b><\/p><p class=\"p1\"><b>4.1 Principle: Protect Confidentiality, Integrity, and Availability (Proportionate)<\/b><\/p><p class=\"p1\">VALORA aims to protect:<\/p><ul class=\"ul1\"><li class=\"li1\"><b>confidentiality<\/b> (prevent unauthorized access),<\/li><li class=\"li1\"><b>integrity<\/b> (prevent unauthorized alteration),<\/li><li class=\"li1\"><b>availability<\/b> (maintain legitimate access when required),<\/li><\/ul><p class=\"p1\">through <b>reasonable<\/b> measures proportionate to the sensitivity of the information and the context of use.<\/p><p class=\"p1\"><b>4.2 Encryption: \u201cIn Transit\u201d and \u201cAt Rest\u201d When Available and Appropriate<\/b><\/p><p class=\"p1\">When VALORA uses technological tools (e.g., storage, sharing, record management, signing), we prioritize solutions that offer, <b>when available<\/b>, protections such as:<\/p><ul class=\"ul1\"><li class=\"li1\"><b>in-transit<\/b> encryption (secure communications between systems),<\/li><li class=\"li1\"><b>at-rest<\/b> encryption (protection of stored data).<\/li><\/ul><p class=\"p1\">Important: the exact level of encryption depends on the tools chosen and the scope of the mandate. We avoid publicly disclosing precise technical parameters, while maintaining the objective of limiting information exposure and reducing the risk of unauthorized access, in accordance with the obligation to take reasonable security measures. <\/p><p class=\"p1\"><b>4.3 Backups: Objective of Reasonable Recovery<\/b><\/p><p class=\"p1\">VALORA implements <b>backup<\/b> mechanisms adapted to the criticality of operational information (inventories, reports, documents, and deliverables), to reduce the impacts of accidental loss or an incident.<\/p><ul class=\"ul1\"><li class=\"li1\">Backups are designed to allow for reasonable recovery of information, depending on the context and the tool used.<\/li><li class=\"li1\">The terms (frequency, retention, scope) are determined based on volume, sensitivity, usage, and risks.<\/li><\/ul><p class=\"p1\">We avoid displaying quantified commitments (e.g., guaranteed deadlines) when this is not realistic for field operations; the objective remains <b>proportionate resilience<\/b>.<\/p><p class=\"p1\"><b>4.4 Restoration: Pragmatic Verifications<\/b><\/p><p class=\"p1\">Where applicable to the tools selected, VALORA performs <b>pragmatic verifications<\/b> to ensure that backup and restoration mechanisms are usable (e.g., spot checks, verifications during major changes or as needed).<\/p><p class=\"p1\"><b>4.5 Business Continuity: Operational Priorities<\/b><\/p><p class=\"p1\">In the event of tool unavailability or an incident, VALORA applies a <b>proportionate<\/b> continuity logic, based on:<\/p><ul class=\"ul1\"><li class=\"li1\">prioritization of critical actions (e.g., access, inventory, deliverables required at milestone),<\/li><li class=\"li1\">use of reasonable alternative mechanisms (e.g., fallback procedures, rescheduling, limited manual consolidation),<\/li><li class=\"li1\">documentation of impacts when this affects deliverables or pace.<\/li><\/ul><p class=\"p1\">This approach aligns with the obligation to protect information and manage risk reasonably within the scope of activities.<\/p><p class=\"p1\"><b>4.6 Limitations (Reality Clause)<\/b><\/p><p class=\"p1\">No security measure can eliminate all risk. VALORA is committed to adopting a structured and proportionate approach and to adjusting its practices as risks or tools evolve, in compliance with the applicable framework. <\/p><p class=\"p1\"><b>Section 5 \u2014 Incident Management (Cyber\/Breach) and Register<\/b><\/p><p class=\"p1\"><b>5.1 Principle: Structured, Proportionate, Documented Response<\/b><\/p><p class=\"p1\">VALORA applies an <b>incident management<\/b> approach aimed at:<\/p><ul class=\"ul1\"><li class=\"li1\"><b>detecting<\/b> and <b>qualifying<\/b> the event (nature, scope, data concerned);<\/li><li class=\"li1\"><b>containing<\/b> and limiting the impact (reasonable immediate measures);<\/li><li class=\"li1\"><b>correcting<\/b> the cause or reducing the likelihood of recurrence;<\/li><li class=\"li1\"><b>documenting<\/b> the incident and actions taken.<\/li><\/ul><p class=\"p1\">This approach is part of the obligations of the Private Sector Act regarding <b>confidentiality incidents<\/b> (definition, measures, keeping a register, notification when required).<\/p><p class=\"p1\"><b>5.2 Internal Process (Typical Steps)<\/b><\/p><p class=\"p1\">Without claiming a heavy &#8220;enterprise&#8221; model, VALORA follows a pragmatic process:<\/p><ol class=\"ol1\"><li class=\"li1\"><b>Reporting and Evaluation<\/b><b><\/b><br><ul class=\"ul1\"><li class=\"li1\">receipt of a report (internal or external);<\/li><li class=\"li1\">initial evaluation (urgency, systems concerned, potentially affected data).<\/li><\/ul><\/li><\/ol><ol class=\"ol1\"><li class=\"li1\"><b>Containment \/ Immediate Measures<\/b><b><\/b><\/li><\/ol><ol class=\"ol1\"><li style=\"list-style-type: none;\"><ul class=\"ul1\"><li class=\"li1\">access limitation, account suspension, removal of a shared link, etc., as appropriate;<\/li><li class=\"li1\">measures aimed at reducing the risk of harm.<\/li><\/ul><\/li><\/ol><ol class=\"ol1\"><li class=\"li1\"><b>Analysis and Qualification<\/b><b><\/b><\/li><\/ol><ol class=\"ol1\"><li style=\"list-style-type: none;\"><ul class=\"ul1\"><li class=\"li1\">identification of personal information concerned;<\/li><li class=\"li1\">analysis of the probable cause (e.g., human error, unauthorized access, loss, supplier incident).<\/li><\/ul><\/li><\/ol><ol class=\"ol1\"><li class=\"li1\"><b>Remediation and Prevention<\/b><b><\/b><\/li><\/ol><ol class=\"ol1\"><li style=\"list-style-type: none;\"><ul class=\"ul1\"><li class=\"li1\">reasonable corrective actions (procedure, configuration, access, training, etc.);<\/li><li class=\"li1\">adjustments to controls when relevant.<\/li><\/ul><\/li><\/ol><ol class=\"ol1\"><li class=\"li1\"><b>Closure and Documentation<\/b><b><\/b><\/li><\/ol><ol class=\"ol1\"><li style=\"list-style-type: none;\"><ul class=\"ul1\"><li class=\"li1\">recording in the incident register;<\/li><li class=\"li1\">lessons learned and follow-up actions.<\/li><\/ul><\/li><\/ol><p class=\"p1\"><b>5.3 Confidentiality Incident Register<\/b><\/p><p class=\"p1\">VALORA maintains a <b>confidentiality incident register<\/b>, in accordance with applicable requirements. The register aims to keep a record of incidents and their handling, notably to support: <\/p><ul class=\"ul1\"><li class=\"li1\">internal traceability;<\/li><li class=\"li1\">compliance with the obligations of the Act;<\/li><li class=\"li1\">continuous improvement of practices.<\/li><\/ul><p class=\"p1\"><b>Note<\/b>: the register may include elements such as the date, nature of the incident, affected information (categories), measures taken, and, where applicable, notifications sent, as required by the legal framework.<\/p><p class=\"p1\"><b>5.4 Notification to the CAI and Individuals: When and Why<\/b><\/p><p class=\"p1\">When a confidentiality incident presents a <b>risk of serious harm<\/b>, the Private Sector Act provides for obligations to notify:<\/p><ul class=\"ul1\"><li class=\"li1\">the <b>Commission d\u2019acc\u00e8s \u00e0 l\u2019information (CAI)<\/b>; and<\/li><li class=\"li1\">the <b>person concerned<\/b>, subject to the terms provided by law (and applicable exceptions).<\/li><\/ul><p class=\"p1\">VALORA assesses the risk taking into account, notably:<\/p><ul class=\"ul1\"><li class=\"li1\">the <b>sensitivity<\/b> of the information involved;<\/li><li class=\"li1\">the anticipated <b>consequences<\/b> of its use;<\/li><li class=\"li1\">the <b>probability<\/b> that it will be used for harmful purposes.<\/li><\/ul><p class=\"p1\"><b>5.5 Mitigation Measures and Pragmatic Communications<\/b><\/p><p class=\"p1\">Depending on the context, VALORA may implement reasonable measures to reduce the risk, for example:<\/p><ul class=\"ul1\"><li class=\"li1\">deactivation of access, resetting of links\/identifiers, limitation of sharing;<\/li><li class=\"li1\">targeted notifications to concerned individuals on prudent actions to take (without unnecessarily alarming);<\/li><li class=\"li1\">coordination with a technological supplier when the incident concerns them.<\/li><\/ul><p class=\"p1\">External communications are framed to be <b>factual<\/b> (what, when, plausible impact, measures taken) and to avoid unrealistic promises, while satisfying notification requirements when they apply.<\/p><p class=\"p1\"><b>5.6 \u201cIncident \/ Privacy\u201d Contact Point<\/b><\/p><p class=\"p1\">VALORA maintains a contact point for:<\/p><ul class=\"ul1\"><li class=\"li1\">reporting an incident or a privacy concern;<\/li><li class=\"li1\">exercise rights relating to personal information.<\/li><\/ul><p class=\"p1\">(The contact details of the officer are included in the appropriate documents, notably the Privacy Policy.)<\/p><p class=\"p1\"><b>Section 6 \u2014 Management of Suppliers and Subcontractors<\/b><\/p><p class=\"p1\"><b>6.1 Principle: Use of Suppliers, but Controlled Access<\/b><\/p><p class=\"p1\">VALORA may use <b>suppliers<\/b> and <b>subcontractors<\/b> (e.g., hosting, storage, signing tools, messaging, operational services such as transport and warehousing, or specialized subcontracted services) when necessary to perform a mandate.<\/p><p class=\"p1\">In all cases, the objective is to:<\/p><ul class=\"ul1\"><li class=\"li1\">limit access to personal information to the <b>strictly necessary<\/b> (minimization);<\/li><li class=\"li1\">frame access and use with <b>reasonable measures<\/b>;<\/li><li class=\"li1\">maintain traceability and governance consistent with the mandate.<\/li><\/ul><p class=\"p1\"><b>6.2 Typical Categories of Suppliers (Examples)<\/b><\/p><p class=\"p1\">Depending on the mandates and tools selected, VALORA may use or coordinate suppliers, including:<\/p><ul class=\"ul1\"><li class=\"li1\"><b>Technology<\/b>: hosting, storage and sharing, productivity tools, signing, CRM\/record management (if deployed), analytics (if activated).<\/li><li class=\"li1\"><b>Field Operations:<\/b> transport, warehousing, disposal and processing of goods (depending on channels), as well as ad hoc services.<\/li><li class=\"li1\"><b>Specialized Services<\/b>: e.g., Preparation of tax returns by subcontract (in accordance with defined mandates and scope).  <\/li><\/ul><p class=\"p1\">These examples are not exhaustive. The suppliers actually used depend on the mandate and operational choices. <\/p><p class=\"p1\"><b>6.3 Contractual Framework and Supplier Obligations<\/b><\/p><p class=\"p1\">When VALORA <b>entrusts<\/b> a third party with the mandate to collect, store, use, or disclose personal information on its behalf, the Private Sector Act requires a written contractual framework, including notably:<\/p><ul class=\"ul1\"><li class=\"li1\">the supplier&#8217;s obligation to implement <b>security measures<\/b>;<\/li><li class=\"li1\">the obligation to notify VALORA in case of a <b>confidentiality incident<\/b>;<\/li><li class=\"li1\">conditions on the <b>disclosure<\/b> of information (e.g., limitation, authorization);<\/li><li class=\"li1\">requirements relating to the <b>destruction<\/b> or return of information at the end of the mandate.<\/li><\/ul><p class=\"p1\"><b>6.4 Access Control and Operational Principles<\/b><\/p><p class=\"p1\">In practice, VALORA applies a &#8220;reasonable&#8221; discipline to reduce exposure:<\/p><ul class=\"ul1\"><li class=\"li1\">access limited to only the necessary persons\/functions at the supplier;<\/li><li class=\"li1\">document sharing via controlled mechanisms (identified recipients, limited links when possible);<\/li><li class=\"li1\">withdrawal\/deactivation of access when no longer needed (end of milestone, end of mandate);<\/li><li class=\"li1\">framing of communications (avoiding sending sensitive data via uncontrolled channels).<\/li><\/ul><p class=\"p1\"><b>6.5 Operational Subcontracting: Decisions, Approvals, and Proofs<\/b><\/p><p class=\"p1\">When suppliers intervene on-site (e.g., storage, transport, disposal), VALORA frames the execution by:<\/p><ul class=\"ul1\"><li class=\"li1\">a clear scope (what, when, how);<\/li><li class=\"li1\"><b>approvals<\/b> when irreversible actions or significant disbursements are involved;<\/li><li class=\"li1\"><b>supporting documents<\/b>, when available (slips, confirmations, receipts), and their integration into the record.<\/li><\/ul><p class=\"p1\"><b>6.6 Transparency: Where it is Documented<\/b><\/p><p class=\"p1\">Details on:<\/p><ul class=\"ul1\"><li class=\"li1\">the categories of personal information,<\/li><li class=\"li1\">the purposes,<\/li><li class=\"li1\">disclosures to third parties,<\/li><li class=\"li1\">and, where applicable, the possibility of transfers outside Quebec (if applicable)<\/li><\/ul><p class=\"p1\">are described in more detail in the <b>Privacy Policy<\/b>, which must be accessible via the Site when collection is carried out through a technological means.<\/p><p class=\"p1\"><b>Section 7 \u2014 Data Outside Quebec (If Applicable): Principle and Governance<\/b><\/p><p class=\"p1\"><b>7.1 Principle: Transparency and Prudence<\/b><\/p><p class=\"p1\">VALORA may, <b>where applicable<\/b>, use suppliers or technological solutions whose infrastructure or certain operations involve the <b>disclosure of personal information outside Quebec<\/b> (&#8220;transfer outside Quebec&#8221;). In such a case, VALORA aims for a prudent approach: limiting what is disclosed, framing the disclosure, and ensuring that the level of protection remains adequate given the sensitivity of the information. <\/p><p class=\"p1\"><b>7.2 Legal Framework: Assessment and Framing Before Disclosure<\/b><\/p><p class=\"p1\"><b>When<\/b> personal information must be disclosed outside Quebec, the Act respecting the protection of personal information in the private sector provides for prior framing, including notably:<\/p><ul class=\"ul1\"><li class=\"li1\">the assessment of privacy factors (including, among others, the sensitivity of the information, the purpose, protection measures, and the applicable legal framework in the destination State); and<\/li><li class=\"li1\">the conclusion of a written agreement containing measures to ensure adequate protection.<\/li><\/ul><p class=\"p1\">Deliberately cautious wording: VALORA does not state here that transfers systematically occur; this section frames the <b>case where<\/b> a transfer would be necessary.<\/p><p class=\"p1\"><b>7.3 Minimization and Operational Choices<\/b><\/p><p class=\"p1\">In the event that a transfer outside Quebec is required, VALORA aims to:<\/p><ul class=\"ul1\"><li class=\"li1\">limit disclosure to information necessary for the purpose;<\/li><li class=\"li1\">prioritize, when reasonable, configurations that reduce exposure (e.g., restricted access, record segmentation);<\/li><li class=\"li1\">avoid over-collection and uncontrolled sharing.<\/li><\/ul><p class=\"p1\"><b>7.4 Information for data subjects <\/b><\/p><p class=\"p1\">Information on disclosures to third parties and, where applicable, on the possibility of disclosures outside Qu\u00e9bec is set out in the <b>Privacy Policy<\/b>, which describes the categories of information, purposes, and disclosure practices.<\/p><p class=\"p1\"><b>Section 8 \u2014 Privacy Settings, Technologies, and Consents<\/b><\/p><p class=\"p1\"><b>8.1 Principle: Transparency and Control \u201cWhen Relevant\u201d<\/b><\/p><p class=\"p1\">VALORA aims to use technologies and privacy settings sparingly: only when necessary for the operation of the Site, the management of requests (quotes and evaluations), or the execution of a mandate. When technologies can <b>identify, locate, or profile<\/b> an individual, transparency and prior information are essential. <\/p><p class=\"p1\"><b>8.2 Identification, Location, or Profiling Technologies (If Used)<\/b><\/p><p class=\"p1\"><b>If<\/b> VALORA uses, on the Site or via digital tools, a technology allowing identification, location, or profiling, VALORA aims to:<\/p><ul class=\"ul1\"><li class=\"li1\">inform concerned individuals <b>in advance<\/b>;<\/li><li class=\"li1\">indicate the means offered to <b>activate<\/b> these functions (or, where applicable, configure or deactivate them), in accordance with the applicable framework.<\/li><\/ul><p class=\"p1\"><b>8.3 Consent: \u201cTransactional vs. Marketing\u201d Logic<\/b><\/p><p class=\"p1\">VALORA distinguishes between:<\/p><ul class=\"ul1\"><li class=\"li1\"><b>transactional<\/b> communications (responding to a request, managing a mandate), which are necessary for the service relationship;<\/li><li class=\"li1\"><b>marketing<\/b> communications (newsletter, offers), which require separate consent and appropriate withdrawal and unsubscribe mechanisms.<\/li><\/ul><p class=\"p1\"><b>8.4 Cookies, trackers, and analytics<\/b><\/p><p class=\"p1\">When the Site uses cookies\/trackers (e.g., for statistics, performance, or conversion measurement), VALORA aims to:<\/p><ul class=\"ul1\"><li class=\"li1\">clearly describe the categories of cookies\/trackers and their purposes;<\/li><li class=\"li1\">offer, when relevant, configuration choices (especially for non-essential cookies).<\/li><\/ul><p class=\"p1\">Details (categories, purposes, duration, preference management) are presented in the <b>Cookie Policy<\/b>, available on the Site.<\/p><p class=\"p1\"><b>8.5 Communications and Document Sharing: Operational Prudence<\/b><\/p><p class=\"p1\">To reduce exposure, VALORA prioritizes pragmatic practices:<\/p><ul class=\"ul1\"><li class=\"li1\">avoid sending highly sensitive information via generic, uncontrolled channels;<\/li><li class=\"li1\">use controlled sharing mechanisms when documents need to circulate (identified recipients, limited access when possible);<\/li><li class=\"li1\">limit shared information to that necessary for the mandate (minimization).<\/li><\/ul><p class=\"p1\"><b>Section 9 \u2014 Retention and Destruction<\/b><\/p><p class=\"p1\"><b>9.1 Principle: Retain Only What is Necessary<\/b><\/p><p class=\"p1\">VALORA aims to retain information (including elements of a <b>record<\/b>: inventory, photos, reports, communications) <b>only for the duration necessary<\/b> for the purposes for which it was collected or used, notably:<\/p><ul class=\"ul1\"><li class=\"li1\">processing a request (quote and evaluation);<\/li><li class=\"li1\">executing a mandate and delivering agreed-upon deliverables;<\/li><li class=\"li1\">ensuring reasonable administrative follow-up (invoicing, record management, relevant operational proofs).<\/li><\/ul><p class=\"p1\">This principle is part of a logic of governance and personal information protection within a company.<\/p><p class=\"p1\"><b>9.2 Retention Parameters: Adapted to Mandate and Risk<\/b><\/p><p class=\"p1\">Retention duration may vary depending on:<\/p><ul class=\"ul1\"><li class=\"li1\">the nature of the mandate (partial vs. full management);<\/li><li class=\"li1\">the sensitivity of the information;<\/li><li class=\"li1\">operational needs (e.g., deliverables, follow-up, traceability);<\/li><li class=\"li1\">applicable legal obligations (if any).<\/li><\/ul><p class=\"p1\">VALORA avoids &#8220;indefinite retention by default&#8221;: the objective is justified and proportionate retention.<\/p><p class=\"p1\"><b>9.3 Secure Destruction and Disposal<\/b><\/p><p class=\"p1\">When retention is no longer necessary, VALORA aims for <b>secure destruction<\/b> of information according to its medium:<\/p><ul class=\"ul1\"><li class=\"li1\">secure deletion of digital copies and removal of access;<\/li><li class=\"li1\">secure destruction of paper documents where applicable;<\/li><li class=\"li1\">confirmation or internal documentation of disposal when relevant (depending on the type of record).<\/li><\/ul><p class=\"p1\">These practices aim to reduce the risk of unauthorized access and align with the obligation to take reasonable security measures.<\/p><p class=\"p1\"><b>9.4 Handover of Deliverables and File Closure<\/b><\/p><p class=\"p1\">At the end of a mandate (or at the end of a major milestone), VALORA hands over the agreed-upon deliverables (e.g., final report, exportable inventory, document index) and applies a closure logic:<\/p><ul class=\"ul1\"><li class=\"li1\">confirmation of handed-over items;<\/li><li class=\"li1\">clarification of temporarily retained items (if applicable) and retention\/destruction terms;<\/li><li class=\"li1\">withdrawal of external access when not required.<\/li><\/ul><p class=\"p1\">Details (typical retention periods, exact terms, deletion requests, etc.) are set out in the <b>Privacy Policy<\/b> and, where applicable, in the terms of the mandate.<\/p><p class=\"p1\"><b>Section 10 \u2014 Security &amp; Privacy Contact<\/b><\/p><p class=\"p1\"><b>10.1 Officer and Contact Point<\/b><\/p><p class=\"p1\">For any questions regarding security, privacy, or the protection of personal information, you may contact VALORA&#8217;s <b>personal information protection officer<\/b>.<\/p><p class=\"p1\">The Act respecting the protection of personal information in the private sector stipulates that the person holding the highest authority within the company is responsible for the protection of personal information, unless this function is delegated in writing, and imposes related governance obligations.<\/p><p class=\"p1\"><b>Contact Information (to be inserted)<\/b><b><\/b><\/p><ul class=\"ul1\"><li class=\"li3\">Name \/ Title: Marie-Jos\u00e9e Legault, PIO \u2014 VALORA<\/li><li class=\"li3\">Email: legal@valoraestate.com<\/li><li class=\"li3\">Mailing address: 2572 Daniel-Johnson Blvd, 2nd floor, Laval, Quebec, H7T 2R3  <\/li><\/ul><p class=\"p1\"><b>10.2 Reporting an Incident or Concern<\/b><\/p><p class=\"p1\">If you believe that personal information has been:<\/p><ul class=\"ul1\"><li class=\"li1\">lost,<\/li><li class=\"li1\">disclosed to a third party without authorization,<\/li><li class=\"li1\">accessed without authorization,<\/li><li class=\"li1\">or used inappropriately,<\/li><\/ul><p class=\"p1\">You may contact VALORA using the contact details above. VALORA will evaluate the information received and apply its incident management process, including maintaining a register and, where applicable, issuing required notifications when the risk of serious harm justifies it. <\/p><p class=\"p1\"><b>10.3 Requests Regarding Your Personal Information<\/b><\/p><p class=\"p1\">To exercise rights or submit a request regarding your personal information (access, rectification, withdrawal of consent where applicable, etc.), please consult the <b>Privacy Policy<\/b>, which describes:<\/p><ul class=\"ul1\"><li class=\"li1\">the categories of information collected,<\/li><li class=\"li1\">the purposes,<\/li><li class=\"li1\">disclosures to third parties,<\/li><li class=\"li1\">and the request procedure.<\/li><\/ul><p class=\"p1\"><b>Section 11 \u2014 Updates<\/b><\/p><p class=\"p1\"><b>11.1 Evolution of Practices and Document<\/b><\/p><p class=\"p1\">VALORA may update this <b>Security and Privacy<\/b> page to reflect:<\/p><ul class=\"ul1\"><li class=\"li1\">the evolution of its services (post-mortem \/ living legacy file);<\/li><li class=\"li1\">changes in technological tools or suppliers;<\/li><li class=\"li1\">the improvement of its operational practices;<\/li><li class=\"li1\">or the evolution of the applicable framework.<\/li><\/ul><p class=\"p1\">Any update is intended to maintain information that is clear and consistent with the <b>Privacy Policy<\/b> and the <b>Cookie Policy<\/b>, where these documents apply.<\/p><p class=\"p1\"><b>11.2 Dates<\/b><\/p><ul class=\"ul1\"><li class=\"li1\"><b>Effective date<\/b>: February 26, 2026<\/li><li class=\"li1\"><b>Last updated<\/b>: February 26, 2026<\/li><\/ul><p class=\"p1\"><b>11.3 Where to Find the Current Version<\/b><\/p><p class=\"p1\">The current version of this page is published on <b>valoraestate.com<\/b> and accessible via the <b>footer<\/b> of the Site.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Security and Privacy Section 1 \u2014 Scope and Definitions 1.1 Document Scope This Security &amp; Privacy page describes, at a general and public level, the measures and principles applied by&hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-23926","page","type-page","status-publish","hentry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Security and Privacy - Valora<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/valoraestate.com\/en\/security-and-privacy\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Security and Privacy - Valora\" \/>\n<meta property=\"og:description\" content=\"Security and Privacy Section 1 \u2014 Scope and Definitions 1.1 Document Scope This Security &amp; Privacy page describes, at a general and public level, the measures and principles applied by&hellip;\" \/>\n<meta property=\"og:url\" content=\"https:\/\/valoraestate.com\/en\/security-and-privacy\/\" \/>\n<meta property=\"og:site_name\" content=\"Valora\" \/>\n<meta property=\"article:modified_time\" content=\"2026-03-30T12:29:39+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"17 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/valoraestate.com\/en\/security-and-privacy\/\",\"url\":\"https:\/\/valoraestate.com\/en\/security-and-privacy\/\",\"name\":\"Security and Privacy - Valora\",\"isPartOf\":{\"@id\":\"https:\/\/valoraestate.com\/en\/#website\"},\"datePublished\":\"2026-02-16T19:52:37+00:00\",\"dateModified\":\"2026-03-30T12:29:39+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/valoraestate.com\/en\/security-and-privacy\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/valoraestate.com\/en\/security-and-privacy\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/valoraestate.com\/en\/security-and-privacy\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/valoraestate.com\/en\/accueil\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Security and Privacy\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/valoraestate.com\/en\/#website\",\"url\":\"https:\/\/valoraestate.com\/en\/\",\"name\":\"Valora\",\"description\":\"Valora\",\"publisher\":{\"@id\":\"https:\/\/valoraestate.com\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/valoraestate.com\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/valoraestate.com\/en\/#organization\",\"name\":\"Conciergerie successoral Valora\",\"url\":\"https:\/\/valoraestate.com\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/valoraestate.com\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/valoraestate.com\/wp-content\/uploads\/2020\/04\/1875-624-max.png\",\"contentUrl\":\"https:\/\/valoraestate.com\/wp-content\/uploads\/2020\/04\/1875-624-max.png\",\"width\":1875,\"height\":624,\"caption\":\"Conciergerie successoral Valora\"},\"image\":{\"@id\":\"https:\/\/valoraestate.com\/en\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Security and Privacy - Valora","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/valoraestate.com\/en\/security-and-privacy\/","og_locale":"en_US","og_type":"article","og_title":"Security and Privacy - Valora","og_description":"Security and Privacy Section 1 \u2014 Scope and Definitions 1.1 Document Scope This Security &amp; Privacy page describes, at a general and public level, the measures and principles applied by&hellip;","og_url":"https:\/\/valoraestate.com\/en\/security-and-privacy\/","og_site_name":"Valora","article_modified_time":"2026-03-30T12:29:39+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"17 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/valoraestate.com\/en\/security-and-privacy\/","url":"https:\/\/valoraestate.com\/en\/security-and-privacy\/","name":"Security and Privacy - Valora","isPartOf":{"@id":"https:\/\/valoraestate.com\/en\/#website"},"datePublished":"2026-02-16T19:52:37+00:00","dateModified":"2026-03-30T12:29:39+00:00","breadcrumb":{"@id":"https:\/\/valoraestate.com\/en\/security-and-privacy\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/valoraestate.com\/en\/security-and-privacy\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/valoraestate.com\/en\/security-and-privacy\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/valoraestate.com\/en\/accueil\/"},{"@type":"ListItem","position":2,"name":"Security and Privacy"}]},{"@type":"WebSite","@id":"https:\/\/valoraestate.com\/en\/#website","url":"https:\/\/valoraestate.com\/en\/","name":"Valora","description":"Valora","publisher":{"@id":"https:\/\/valoraestate.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/valoraestate.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/valoraestate.com\/en\/#organization","name":"Conciergerie successoral Valora","url":"https:\/\/valoraestate.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/valoraestate.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/valoraestate.com\/wp-content\/uploads\/2020\/04\/1875-624-max.png","contentUrl":"https:\/\/valoraestate.com\/wp-content\/uploads\/2020\/04\/1875-624-max.png","width":1875,"height":624,"caption":"Conciergerie successoral Valora"},"image":{"@id":"https:\/\/valoraestate.com\/en\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/valoraestate.com\/en\/wp-json\/wp\/v2\/pages\/23926","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/valoraestate.com\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/valoraestate.com\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/valoraestate.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/valoraestate.com\/en\/wp-json\/wp\/v2\/comments?post=23926"}],"version-history":[{"count":2,"href":"https:\/\/valoraestate.com\/en\/wp-json\/wp\/v2\/pages\/23926\/revisions"}],"predecessor-version":[{"id":24141,"href":"https:\/\/valoraestate.com\/en\/wp-json\/wp\/v2\/pages\/23926\/revisions\/24141"}],"wp:attachment":[{"href":"https:\/\/valoraestate.com\/en\/wp-json\/wp\/v2\/media?parent=23926"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}