Personal Data Management Policy
1. Introduction
Classavatar is a Quebec-based technology company specializing in the development of digital educational tools for teachers and schools. Recognizing the importance of protecting personal information and ensuring cybersecurity, Classavatar adopts rigorous practices to guarantee the confidentiality, integrity, and availability of the data it processes. This policy outlines the principles, practices, and responsibilities governing the management of personal information within the company, in accordance with the Act respecting the protection of personal information in the private sector (Bill 25).
2. Governance and regulatory framework
Classavatar relies on a clear data protection governance structure. Under the supervision of the Chief Privacy Officer, the company implements internal policies, procedures, and control mechanisms designed to ensure legal compliance and information security. These policies are reviewed periodically to reflect changes in laws, standards, and best practices in the technology sector.
3. Staff safety and awareness
Classavatar recognizes that information security depends on the vigilance and responsibility of its staff. All employees receive mandatory training on cybersecurity and privacy protection. Regular refresher courses, awareness campaigns, and internal controls help maintain a high level of compliance and vigilance.
4. Infrastructure and data security
Classavatar implements technical and organizational measures to ensure the confidentiality, integrity, and availability of personal information. These measures include, but are not limited to:
- The use of secure servers and cloud hosting that complies with security standards;
- Encryption of data in transit and at rest;
- Access controls based on roles and operational needs;
- Regular data backup and restoration in case of an incident;
- Secure deletion of data that has reached the end of its lifecycle.
5. Collaboration with schools and partners
As part of its operations, Classavatar collaborates with schools, teachers, and various partners in the education sector. The company is committed to ensuring the rigorous and secure management of the data entrusted to it, in accordance with contractual agreements and applicable laws. Any collection, use, or disclosure of personal information is carried out within a legal framework, is proportionate, and is justified by the educational objectives of the service.
6. Incident Management and Business Continuity
Classavatar has a structured security incident management plan to ensure a rapid, coordinated and effective response in the event of a potential compromise of personal data or service interruption.
This plan is based on the principles of prevention, detection, response and continuous improvement, and aims to guarantee the protection of users as well as transparency towards partner institutions.
Detection and reporting
Any potential security incident (e.g., unauthorized access, data loss, security breach, intrusion attempt, or system anomaly) is immediately reported to the Classavatar security team. An automated monitoring and alerting system enables the rapid detection of abnormal events at any time.
Analysis and management
A specialized response team immediately analyzes the incident, identifies its causes, and assesses its scope. Necessary containment measures are implemented to limit any additional risk, and a complete record of actions is maintained for auditing and improvement purposes.
Communication and notice to school partners
Classavatar recognizes the importance of prompt and transparent communication with partner schools. Therefore, in the event of any security incident directly or indirectly affecting the data of a school service center (CSS) or partner district:
- The relevant director of technology services is informed by email within a maximum of 24 hours of the incident being detected;
- A preliminary report detailing the nature of the incident, the systems affected and the corrective measures implemented is transmitted as soon as possible;
- A detailed final report is then provided at the conclusion of the internal investigation.
This approach aims to ensure effective coordination with school decision-makers and to support school service centres in their legal and technological obligations.
Business continuity
Business continuity and recovery measures are in place to minimize the impact on users and partners. These include redundancy mechanisms, automated backups, and a service recovery plan that prioritizes systems essential to the schools' educational mission.
7. Commitment to the protection of personal information
Classavatar is committed to maintaining the highest standards of data protection, ensuring transparency in its practices, and continuously improving its security mechanisms. Regular internal audits and assessments guarantee the company's compliance with Law 25 and industry best practices.
8. Rights of individuals and contact
Any person whose personal information is collected by Classavatar has rights of access, rectification and withdrawal of consent in accordance with Law 25. To exercise these rights or for any question relating to the protection of personal information, it is possible to contact the designated person in charge.
Person responsible for the protection of personal information
Name: Isabelle Lemieux
Email: isabelle@classavatar.app
Address: 260 Notre-Dame West, Montreal, QC, H2Y 1T3
Website: https://classavatar.ca