Privacy policy

What is the objective of the Policy?

The protection of privacy and information security is a priority for brh. That’s why we’re committed to taking the necessary steps to comply with the principles and requirements for the protection of personal information and information security in accordance with the applicable legislation.

The purpose of this Policy is to describe in a clear and transparent manner the information we collect, how it is used, the methods we use to protect it and your rights in this regard.

Policy application

This Privacy and Information Security Policy applies to the online psychometric testing platform,

“INTERPRETO” is a registered trademark fully developed and administered by brh. The present Policy therefore sometimes refers to “we” and “brh” to designate the practices applicable to the Interpreto division.

We invite all those concerned to familiarize themselves with this Policy in order to learn about the rules applied and governing all brh staff members with regard to the protection of personal information and information security.

Interpreto reserves the right to change this Policy at any time, in whole or in part, without notice. Any changes will be effective upon publication of a new Policy.

The date of the last update is indicated at the bottom of this page.

Your consent

When an organization registers candidates for Interpreto‘s online testing services, it is deemed to have obtained all necessary consents beforehand.

In addition, we will specifically ask for your consent to be evaluated by Interpreto services before you begin your first online test.

Anyone who voluntarily provides personal information is presumed to consent to its use and disclosure for the purposes for which it was collected.

When we process your information on the basis of consent you have previously given us, you may withdraw that consent at any time, subject to legal or contractual restrictions.

By using Interpreto‘s services, you freely and knowingly agree to this Privacy and Information Security Policy.


Personal information
Under the law, personal information is any information concerning a physical person that allows that person to be identified. It is considered confidential.

Information asset
An information asset can be information, regardless of its medium (paper, technological or verbal), an IT asset, as well as the systems used for its processing, use, storage, preservation and internal and external communication.

Information security 
A set of technological, physical, organizational, human, legal and ethical measures to ensure the security of information assets, notably:

  • The availability of information: Accessible in a timely manner and in the manner required by authorized people.
  • The integrity of the information: Cannot be destroyed or altered without authorization and in compliance with brh‘s retention schedule. That the medium of this information provides it with stability and durability.
  • The confidentiality of information: Limit disclosure only to people authorised to receive it.
  • The identification and authentication: To confirm, when required, the identity of a person or the identification of a document or device.
  • The compliance: With legal, regulatory or business requirements to which brh is subjected.

What personal information do we collect?

We only collect personal information that is necessary in order to identify you and provide you with our various online testing services.

Here is some personal information we may collect:

  • Identity related information: First name, last name, date of birth and gender;
  • Contact details: Telephone numbers and e-mail address;
  • Test results: Psychometric tests, personality traits, level of proficiency of written French, level of proficiency of Microsoft software, etc.;
  • Additional information: We may process additional personal data if you choose to provide it to us.

Why do we collect this information?

In general, your personal information is used to:

  • Create a file in your name;
  • Offer a better personalized service;
  • Evaluate you for employment;
  • Ensure compliance with legal requirements and professional orders.

How do we collect it?

To register you on the Interpreto platform, your personal information is first collected indirectly. It is the organization or your employer that sends us, with your consent, the personal information required to create your file and allow us to contact you.

We also collect your personal information when you use Interpreto‘s services and voluntarily provide us with your personal information. For example, when you:

  • Fill out the “Contact us” or “Schedule a free trial” form, so that we can get in touch with you and answer any questions or comments you may have.
  • Agree to be subjected to online automated assessments and psychometric tests.

How is it secured?

Brh implements strict policies and procedures to protect your personal information and is committed to respecting the highest security standards.

We protect the personal information we collect by using physical, technological and organizational security measures appropriate to the nature and sensitivity of the information. These measures include the implementation of firewalls, encryption technologies and data filtering. We use different security techniques to protect collected data from unauthorized access by users inside or outside of brh. We take reasonable measures so that only employees and subcontractors who need access to confidential data to perform, develop or improve our services are authorized to access it.

Despite our best efforts to preserve the confidentiality of your personal information, it is impossible to guarantee 100% its protection. Indeed, third parties may illegally intercept information transmitted on our site, or a security breach of our systems may otherwise occur. In such a case, brh cannot be held responsible for any loss, alteration or unauthorized disclosure of information beyond our reasonable control.

Who has access or who uses it?

Interpreto strictly restricts access to your personal information to its employees who need this information and only for the purposes intended. Interpreto employees are kept up to date on privacy and security practices and may not use the information provided for any other purpose, unless they have obtained your prior consent.

Roles and responsibilities of staff members

In accordance with the law, roles and responsibilities of staff have been established throughout the life cycle of personal information.


Administration board

Formed by the president and brh associates.

  • Endorses policies and directives concerning the protection of personal information and information security, as well as their updates.
  • Approves the appointment of the members on the Information security committee.
  • Appoints a Head of the protection of personal information and information security.


Executive board

Formed by the president and members of management.

  • Recommends policies and guidelines to the Administration board, as well as any changes arising from updates.
  • Ensures that employees under their responsibility use secure means to collect, use, retain, disclose or destroy personal information and make them aware of their responsibilities under this Policy.
  • Authorizes and periodically reviews access to information held by them, and revokes access that is no longer required for the execution of their staff members’ duties.
  • Informs the person in charge of human resources data of any misconduct by a member of staff and applies the appropriate measures.


Head of the protection of personal information and information security

  • Acts as an advisor to management to ensure the protection of personal information throughout its life cycle, from collection to destruction.
  • Assists the Executive board in determining the strategic direction of information security, monitoring the resulting activities and setting priorities for action.
  • Documents, coordinates and carries out risk management activities for brh.
  • Manages and coordinates the implementation of the Policy, guidelines, procedures and action plans.
  • Ensures that the level of maturity in managing the protection of personal information and information security meets the needs.
  • Ensures staff awareness and training on obligations and practices relating to the access to information and the protection of personal information.
  • Evaluates information security and privacy risk factors in all project management processes.
  • Handles access requests and complaints. Assists the person making a request.
  • Carries out the required reporting in terms of the access to information and the protection of personal information, in particular:
    •  Keeps records concerning incidents of confidentiality, disclosures of personal information, collection agreements and use of information for purposes other than those for which it was collected.
    • If applicable, forwards agreements for the collection or communication of personal information to the Commission d’accès à l’information.


IT Manager

The Manager of the brh Information Technology department (IT) has the role of operating and managing standards, procedures and controls relating to the security of information systems and electronic information, as well as detecting and managing security incidents. He works directly with the Head of the protection of personal information.

  • Protects information according to the established classification and provides regular reports to managers on the use of resources and user activities.
  • Ensures the definition, implementation and evolution of the incident management process, then submits it to the Information security committee for approval.
  • Respects the confidentiality of the information to which he has access.
  • Monitors the Information Security Management System (ISMS) and alerts the Information security committee in the event of compromise of the information system, or alerts proactively when a potential breach is discovered.
  • Manages the life cycle of IOCs (indicators of compromise).
  • If need be, prioritizes and manages security incidents.
  • Monitors emerging threats on a daily basis.


Information security committee

Composed of the President, the IT Manager and the Head of the protection of personal information and information security.

  • Monitors Policy application and effectiveness.
  • Ensures that the Policy is kept up to date and proposes any necessary changes.
  • Ensures coordination, consultation, coherence and integration of Information Security Management System (ISMS) guidelines and directives.
  • Ensures that the Policy and procedures comply with applicable laws and regulations.
  • Approves information security standards, practices and action plans and ensures that they are implemented and monitored.
  • Is responsible for managing major information security incidents.


Practice Leader

The Practice leader is an employee or member of management who is designated to ensure, among other things, the security of information assets under the responsibility of their field of practice.

  • Ensures that appropriate safety measures are specified, implemented and enforced.
  • Contributes to the categorization of information in their field of practice.


Staff member

Employees must actively participate in the protection of information in their professional activities.

  • Collects only necessary information.
  • Uses personal information only for the purposes for which it is intended and within the limits of access authorized to it.
  • Respects the confidentiality of the information to which they have access.
  • Uses secure means to collect, use, retain, disclose or destroy personal information.
  • Ensures the security of personal information collected, to the best of their knowledge and according to their roles and responsibilities.
  • Notifies the Information security committee of any situation that could compromise the protection of personal information.
  • Signs a confidentiality agreement.
  • Participates in any training session or awareness program implemented by brh.
  • Acknowledges and agrees to comply with brh‘s directives, policies, standards and procedures regarding the protection of personal information and information security.

With whom do we share it?

We will use and share your personal information only for the purposes identified at the time of collection. Accordingly, your personal information, including your psychometric test results, will be sent to the organization that registered you.

Some of our tests are provided by business partners. When you complete psychometric tests from one of these third-party suppliers, your answers will be shared with them for correction, analysis and/or statistical purposes. In addition, some of these partners host their data on secure servers in Europe or the United States. By agreeing to take tests on the Interpreto platform, you consent to your information being shared outside Quebec.

Once personal information is disclosed to an employer or third-party suppliers, we no longer have direct control over it. Interpreto cannot guarantee that these organizations will follow the same privacy and confidentiality policies, but we will make every reasonable effort to ensure that information is handled appropriately.

When is it disposed of?

We will only keep your information for as long as we reasonably need it for the purposes for which it was collected or processed, in accordance with this Policy or to comply with various legislative requirements. In accordance with the requirements of professional orders, we retain your personal information for a minimum period of five (5) years from the date of the last professional service rendered.

We will regularly review the information we hold and securely delete it when it is no longer necessary to retain it. Nevertheless, Interpreto reserves the right to keep anonymous information collected for statistical purposes.

Cookies and other tracking technologies

In order to improve our services and personalize our approach, we collect information, using cookies and other comparable techniques, such as Google Analytics (GA4), about how you use our Interpreto platform, We may also use other tracking technologies, including pixels (Meta Business Tools) and web beacons, in order to provide a better service. These technologies generally work in conjunction with cookies.

The data we collect includes:

  • The history of pages you have viewed on our website;
  • The date and time these pages were consulted;
  • The region from which you are connected (geolocation);
  • Your IP address;
  • The time spent on each page viewed;
  • The web browser used (Chrome, Edge, Firefox, Internet Explorer, etc.);
  • The browser settings and the type of device used (mobile or computer, Mac or PC, etc.);
  • The AdWords links and advertisements visited, as well as references to the websites, applications or social media from which you accessed the pages.

This information allows us among other things to analyze major trends and human resources needs, to ensure we meet demands and to improve our service offerings. We may also use certain data to prevent and investigate security incidents.

The information generated by the cookies of the third-party applications we use is generally sent to and stored on servers in the United States. We consider this data to be personal information and take the same care to protect it. We take reasonable steps to ensure that the security measures implemented by third-party suppliers meet high standards.

Cookies are accepted by default on your browser and not on our site. You can refuse them at any time by modifying your browser settings. By continuing to browse our websites, you consent to the collection and use of your data collected by these tracking technologies, as well as the transfer and hosting on servers that may be outside Quebec and Canada.

For more details on how you can opt-out of the collection and use of information for targeted advertising, please visit the Digital Advertising Alliance of Canada (DAAC) website at

Links to other sites

Our websites may contain links to other websites or social networks controlled by other companies. Interpreto is not responsible for how these companies collect, use and disclose your personal information. We encourage you to review the privacy policies of these other sites before providing any information about yourself.

Your right to information and access principles

In accordance with the law, you have the right to:

  • Be informed of the policies and practices surrounding the governance of personal information in clear and simple terms;
  • Access your personal information;
  • Correct inaccurate, incomplete or ambiguous information in a file concerning you;
  • Have deleted information that is out-of-date or if its collection is not authorized by law;
  • Withdraw your consent at any time.

Requests for access, correction or deletion of information should be made in writing to the Head of the protection of personal information of the organization that registered you for the services of Interpreto.

The person responsible must respond to the request within 30 days of receipt. Failure to respond within this period is equivalent to a refusal.

If the request for access has been refused in whole or in part, or if no response has been given within the prescribed time, you have 30 days to request a review by the Commission d’accès à l’information.

How to file a complaint?

If you wish to file a complaint about the quality of the services you have received, we invite you to first contact the person who handled your file in order to rectify the situation. If your dissatisfaction persists, you can contact our customer service department to find out what recourse you have and, if needed, ask for the situation to be rectified.

If you feel that your personal information has been handled inappropriately, we encourage you to address your concerns in writing to the Head of the protection of personal information of the organization that registered you to the services of Interpreto.

Latest version: December 13th, 2023


See cart

Shopping cart