Privacy Policy
Effective Date: May 6, 2026
Introduction
rateinterviews.com (“Platform,” “we,” “us,” or “our”) is committed to protecting your privacy and handling your personal information responsibly. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our Platform.
This Privacy Policy applies to all users in Canada and the United States, and complies with:
- Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA)
- Provincial privacy legislation applicable in Ontario
- Quebec’s Act respecting the protection of personal information in the private sector (Law 25 / Bill 64)
- Alberta’s Personal Information Protection Act (Alberta PIPA)
- British Columbia’s Personal Information Protection Act (BC PIPA)
- U.S. state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), Virginia Consumer Data Protection Act (VCDPA), and other applicable state privacy laws
- Canada’s Anti-Spam Legislation (CASL)
By using rateinterviews.com, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy.
1. Information We Collect
We are committed to privacy by design and collect only the minimum information necessary to operate the Platform securely and effectively.
1.1 Information You Provide Directly
When you use the Platform, you may voluntarily provide:
a) Account Information (if applicable):
- Email address (for account creation or correspondence)
- Username or display name (if you choose to create an account)
- Password (encrypted and not accessible to us)
b) User-Generated Content:
- Reviews, ratings, comments, and written submissions about interview experiences
- Reports of content that violates our Terms of Service
- Communications with our support team
IMPORTANT: We strongly discourage you from including:
- Your full legal name or other personally identifiable information
- Contact details (phone numbers, email addresses, physical addresses)
- Confidential, proprietary, or sensitive information protected by NDAs
- Information about specific individuals (interviewers, recruiters) that could identify them
Any personal information you voluntarily include in your public submissions is your responsibility and is not considered confidential.
1.2 Information Collected Automatically
When you access the Platform, we automatically collect certain technical information:
a) Device and Usage Information:
- IP address
- Browser type and version
- Operating system
- Device type (desktop, mobile, tablet)
- Screen resolution
- Referring website or source
- Pages viewed and time spent on the Platform
- Clickstream data and navigation patterns
b) Cookies and Similar Technologies:
- Session cookies (temporary, deleted when you close your browser)
- Persistent cookies (stored on your device for a specified period)
- Analytics cookies (to understand how users interact with the Platform)
- Functional cookies (to remember your preferences)
Note: Under Canadian and U.S. law, IP addresses and certain device identifiers are considered personal information. We collect this data solely for:
- Security and fraud prevention
- Preventing abuse, spam, vote manipulation, and “review bombing”
- Content moderation and enforcement of our Terms of Service
- Technical troubleshooting and Platform improvements
- Compliance with legal obligations
1.3 Information from Third Parties
We do not purchase or obtain personal information about you from third-party data brokers. However, we may receive limited information from:
a) Third-Party Service Providers:
- Hosting providers, content delivery networks (CDNs), and cloud infrastructure services
- Analytics providers (e.g., aggregated usage statistics)
- Security and fraud detection services
b) Social Media Platforms (if you choose to share or link):
- If you choose to share Platform content on social media, those platforms may provide limited referral information
c) Legal Processes:
- Information received in response to legal requests, court orders, or subpoenas
2. How We Use Your Information
We use collected information for the following purposes:
2.1 Platform Operations and Functionality
- To provide, operate, maintain, and improve the Platform
- To display user-generated content (reviews and ratings)
- To enable search and filtering functionality
- To respond to your inquiries and provide customer support
2.2 Content Moderation and Safety
- To review and moderate user-generated content for compliance with our Terms of Service
- To detect and prevent violations of our Prohibited Conduct policies
- To identify and remove content containing:
- Personally Identifiable Information (PII) of non-public individuals
- Confidential information or apparent NDA violations
- Profanity, hate speech, or prohibited content
- To detect and prevent spam, fake reviews, vote manipulation, and abusive behavior
2.3 Security and Fraud Prevention
- To protect against fraud, unauthorized access, and security threats
- To detect and prevent malicious activity, including:
- Automated bots and scrapers
- Denial-of-service attacks
- Account takeovers and unauthorized access
- Coordinated manipulation or “review bombing”
- To investigate and respond to security incidents
2.4 Legal Compliance and Enforcement
- To comply with applicable laws, regulations, and legal processes
- To respond to lawful requests from government authorities, law enforcement, or courts
- To enforce our Terms of Service and other policies
- To protect our rights, property, safety, and the rights of our users
2.5 Analytics and Improvement
- To analyze Platform usage patterns and trends (in aggregate, anonymized form)
- To understand user behavior and preferences
- To improve user experience and Platform features
- To conduct research and development
2.6 Communications
To send important notices about the Platform, including:
- Changes to our Terms of Service or Privacy Policy
- Security alerts or breach notifications
- Responses to your support requests
To send optional communications (if you opt in), such as:
- Platform updates or new features
- Tips for using the Platform effectively
All commercial electronic messages sent to Canadian users comply with Canada’s Anti-Spam Legislation (CASL). See Section 15 for details.
We do NOT use your information for:
- Selling or renting your personal information to third parties
- Sending unsolicited marketing or advertising (spam)
- Profiling you for discriminatory purposes
- Making automated decisions that significantly affect you without human oversight
- Training or providing data for the development of artificial intelligence (AI) systems, machine learning models, or large language models (LLMs), whether by us or by any third-party service provider
3. Anonymity and Pseudonymity
3.1 Anonymous Sharing
rateinterviews.com is designed to facilitate anonymous sharing of interview experiences. We support and encourage anonymity to protect users from potential retaliation.
We do not publicly display:
- IP addresses
- Email addresses
- User account identifiers (unless you choose a public username)
- Device information or technical identifiers
- Any information that would directly reveal your identity
3.2 Limitations of Anonymity
Anonymity cannot be absolute. Your anonymity may be compromised if:
- You voluntarily disclose identifying information in your review content
- Unique or specific details in your review make you identifiable to those familiar with the situation
- We are legally compelled to disclose your information pursuant to a valid court order, subpoena, search warrant, or other legal process
- Law enforcement or legal authorities request information as part of an investigation
3.3 Pseudonymous Use
You may use a pseudonym (username) that does not reveal your real identity. We recommend:
- Choosing a username that is not connected to your real name or other online identities
- Avoiding including personal details in your profile or submissions
- Being mindful that combining multiple data points may make you identifiable
4. How We Share and Disclose Information
We do not sell, rent, trade, or otherwise commercialize your personal information.
4.1 Public Disclosure
User-Generated Content (reviews, ratings, comments) that you submit is publicly visible on the Platform. This content may be:
- Viewed by anyone visiting the Platform
- Indexed by search engines (Google, Bing, etc.)
- Shared or republished by third parties
Do not include information in your public submissions that you do not want to be publicly available.
4.2 Service Providers and Processors
We may share limited information with trusted third-party service providers who assist us in operating the Platform, including:
a) Infrastructure and Hosting:
- Cloud hosting providers (e.g., servers, databases, content delivery networks)
- Data storage and backup services
b) Analytics and Performance:
- Website analytics services (aggregated, anonymized usage data)
- Performance monitoring and error tracking tools
c) Security and Fraud Prevention:
- Security scanning and threat detection services
- CAPTCHA and bot prevention services
d) Communications:
- Email service providers (for transactional emails and support communications)
Service Provider Requirements:
We have executed appropriate data processing agreements with all service providers who handle personal information on our behalf, in accordance with applicable privacy legislation including PIPEDA and applicable U.S. state privacy laws. All service providers are contractually required to:
- Use your information only for the specific purposes we authorize
- Implement appropriate security measures to protect your information
- Comply with applicable privacy laws, including PIPEDA, Alberta PIPA, BC PIPA, and applicable U.S. state privacy laws
- Not use your information for their own purposes or share it with others
- Not use your information to train artificial intelligence models, machine learning systems, or large language models (LLMs)
4.3 Legal Obligations and Rights Protection
We may disclose your information when we believe, in good faith, that disclosure is necessary to:
a) Comply with Legal Requirements:
- Respond to valid subpoenas, court orders, search warrants, or other legal processes
- Comply with applicable laws and regulations
- Cooperate with law enforcement or government investigations
b) Protect Rights and Safety:
- Enforce our Terms of Service and other agreements
- Protect the rights, property, or safety of rateinterviews.com, our users, or the public
- Detect, prevent, or address fraud, security issues, or technical problems
- Respond to claims that content violates the rights of third parties
c) Emergency Situations:
- Prevent imminent harm to persons or property
- Respond to emergency situations involving danger of death or serious physical injury
d) Process and Requirements for Legal Requests:
- We do not act on informal requests for user information, including letters, emails, or telephone calls from third parties or their legal counsel, that are not accompanied by valid legal process (such as a subpoena, court order, or search warrant) properly issued by a court or governmental authority of competent jurisdiction and properly served on us in writing
- We will review and respond to valid, properly served legal requests within twenty-one (21) business days of receipt, except where a shorter period is required by law or where the request involves a credible, imminent threat to health or safety
- For requests that are non-routine, overly broad, unduly burdensome, or that otherwise require extraordinary effort to comply with, we reserve the right to require advance payment of a reasonable processing fee to cover our costs of compliance before producing responsive information
Our Commitment:
- Where legally permissible, we will attempt to notify you before disclosing your information in response to legal requests
- We reserve the right, but have no obligation, in our sole and absolute discretion, to challenge disclosure requests that we deem overly broad or improper
- We will seek to limit the scope of disclosure to what is legally required
4.4 Business Transfers
In the event of a merger, acquisition, reorganization, sale of assets, bankruptcy, or other business transaction, your information may be transferred to a successor entity. We will:
- Provide notice of such transfer via email or prominent notice on the Platform
- Require the successor entity to honor this Privacy Policy
- Provide you with choices regarding your information, where applicable
4.5 Aggregate and Anonymized Information
We may share aggregate, anonymized, or de-identified information that cannot reasonably be used to identify you, including:
- Statistical data about Platform usage and trends
- Aggregated review statistics by industry, company size, or geographic region
- Research and insights for academic or public interest purposes
This information is not considered personal information and is not subject to this Privacy Policy.
5. Data Retention and Deletion
5.1 Retention Principles
We retain your information only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.
Retention Periods:
a) User-Generated Content (Reviews, Ratings, Comments):
- Retained to maintain Platform integrity and usefulness
- Users may request deletion (see Section 8), subject to legal exceptions
- Where required by applicable privacy law (including under Quebec’s Law 25), we will review retention on a periodic basis to ensure continued necessity
b) Account Information:
- Retained while your account is active
- Deleted or anonymized within 90 days of account deletion request (unless legally required to retain)
c) Technical and Log Data (IP addresses, device information):
- Retained for 12 months for security, fraud prevention, and legal compliance
- May be retained longer if involved in active investigations, disputes, or legal proceedings
d) Support Communications:
- Retained for 24 months to provide consistent customer service
e) Legal and Compliance Records:
- Retained as required by law (e.g., tax records, legal holds, regulatory requirements)
f) Content Moderation, Takedown, and Right-of-Reply Records:
- We retain records of content moderation decisions, takedown and removal requests (including the date received, applicable review timeline, and outcome), and right-of-reply submissions and verification materials, for six (6) years from the date of the relevant decision, or longer where necessary to comply with an active legal hold or to defend against an actual or threatened legal claim
- These records are maintained to document our content moderation practices and the procedures described in Section 4.3 and Section 6.3 of our Terms of Service, and may be used to support our legal defenses and our positions in any dispute, investigation, or proceeding
5.2 Deletion Process
When information is deleted:
- It is removed from active systems and databases
- Backup copies may persist for up to 90 days in disaster recovery systems
- Information may be retained in de-identified or aggregated form
Exceptions to Deletion:
- Information subject to legal holds, pending litigation, or regulatory requirements
- Information necessary to enforce our Terms of Service or protect our rights
- Information required for fraud prevention or security purposes
- Publicly posted content that has been archived by third parties (beyond our control)
6. Cookies and Tracking Technologies
6.1 What Are Cookies?
Cookies are small text files stored on your device by your web browser. They help websites remember information about your visit.
6.2 Types of Cookies We Use
a) Essential Cookies (Strictly Necessary):
- Enable core Platform functionality (e.g., user sessions, security features)
- Cannot be disabled without impairing Platform functionality
- Examples: authentication cookies, security tokens
b) Functional Cookies:
- Remember your preferences and settings
- Enhance user experience and Platform performance
- Examples: language preferences, display settings
c) Analytics Cookies:
- Help us understand how users interact with the Platform
- Provide aggregated, anonymized statistics
- Examples: page views, time on site, navigation patterns
d) Security Cookies:
- Detect and prevent fraudulent activity and security threats
- Examples: bot detection, rate limiting, abuse prevention
6.3 Cookie Duration
Session Cookies:
- Temporary cookies deleted when you close your browser
- Used for essential functionality and security
Persistent Cookies:
- Remain on your device for a specified period (typically 30 days to 1 year)
- Used for preferences and analytics
6.4 Managing Cookies
You have control over cookies:
Browser Settings: Most browsers allow you to:
- Block all cookies
- Accept only certain types of cookies
- Delete existing cookies
- Receive notifications when cookies are set
Limitations:
- Disabling essential cookies may impair Platform functionality
- Disabling analytics cookies does not affect your ability to use the Platform
How to Manage Cookies:
- Chrome: Settings > Privacy and Security > Cookies
- Firefox: Settings > Privacy & Security > Cookies and Site Data
- Safari: Preferences > Privacy > Cookies and Website Data
- Edge: Settings > Cookies and Site Permissions
6.5 Do Not Track Signals and Global Privacy Control
Some browsers offer “Do Not Track” (DNT) signals. Currently, there is no universal industry standard for responding to DNT signals.
Global Privacy Control (GPC): We honor the Global Privacy Control (GPC) signal as a valid opt-out request under the California Consumer Privacy Act (CCPA/CPRA) and analogous applicable state privacy laws. If your browser or device sends a GPC signal when visiting our Platform, we will treat it as a request to opt out of the sale or sharing of your personal information (noting that we do not sell or share personal information for advertising purposes in any event). GPC signals are processed automatically without requiring you to submit a separate opt-out request.
6.6 Third-Party Cookies
We do not allow third-party advertising cookies on our Platform. Any third-party cookies are limited to:
- Analytics providers (aggregated data only)
- Security and fraud prevention services
- Infrastructure providers necessary for Platform operations
6.7 Cookie Consent Mechanism
When you first visit the Platform, you will be presented with a cookie consent notice that:
- Identifies the categories of non-essential cookies we use
- Allows you to accept all cookies, reject non-essential cookies, or manage your preferences by category
- Provides a link to this Privacy Policy for full details
Essential cookies required for core Platform functionality will be set regardless of your preference. Your cookie preferences are stored and respected on subsequent visits. You may change your cookie preferences at any time via the cookie settings link in the Platform footer.
For Canadian users (including those in Quebec), we obtain meaningful consent before setting non-essential cookies, in accordance with PIPEDA and Law 25. For California users, non-essential cookies are treated as “sharing” of personal information and are subject to your GPC or opt-out rights.
7. Data Security and Breach Notification
7.1 Security Measures
We implement reasonable administrative, technical, and physical security measures to protect your information from unauthorized access, disclosure, alteration, and destruction.
Security Practices Include:
a) Technical Safeguards:
- Encryption of data in transit (HTTPS/TLS)
- Encryption of sensitive data at rest
- Secure password hashing (bcrypt or equivalent)
- Regular security patches and updates
- Firewall protection and intrusion detection systems
b) Administrative Safeguards:
- Access controls limiting who can access personal information (principle of least privilege)
- Employee training on privacy and security practices
- Confidentiality agreements with employees and contractors
- Regular security audits and assessments
c) Physical Safeguards:
- Secure data centers with restricted physical access (provided by hosting partners)
- Environmental controls and disaster recovery measures
7.2 Limitations of Security
No system is 100% secure. Despite our efforts:
- Unauthorized access, hacking, data breaches, or human error may occur
- Internet transmission is not completely secure
- You are responsible for safeguarding your account credentials
Your Responsibilities:
- Use a strong, unique password for your account
- Do not share your login credentials
- Log out of your account when using shared devices
7.3 Data Breach Notification
In the event of a security breach involving personal information that poses a real risk of significant harm (as defined by PIPEDA) or meets notification thresholds under applicable provincial or U.S. state laws:
Our Obligations:
- Canadian Law (PIPEDA): We will notify affected individuals and the Office of the Privacy Commissioner of Canada without unreasonable delay. We will maintain a register of all privacy breaches as required by PIPEDA, regardless of whether the breach meets the notification threshold.
- Quebec Law 25: We will notify affected individuals and the Commission d’accès à l’information (CAI) without delay and maintain a confidentiality incident register as required by Quebec law.
- U.S. State Laws: We will notify affected individuals and, where required, state attorneys general and regulators in accordance with applicable timelines (typically within 30–90 days).
Notification Will Include:
- Description of the breach and affected information
- Steps we are taking to address the breach
- Steps you can take to protect yourself
- Contact information for questions
How We Notify:
- Direct communication (email, if available)
- Prominent notice on the Platform (if contact information is unavailable)
- Additional methods as required by law (e.g., substitute notice for large-scale breaches)
8. Your Privacy Rights
Depending on your location, you may have certain rights regarding your personal information.
8.1 Rights Under Canadian Law
PIPEDA (Federal – All Provinces Except Alberta and BC):
If you are in Canada (outside Alberta and BC), you have the right to:
a) Access:
- Request a copy of the personal information we hold about you
- Receive information about how we use and disclose your personal information
b) Correction:
- Request correction of inaccurate or incomplete personal information
c) Deletion:
- Request deletion of your personal information (subject to legal exceptions)
d) Withdraw Consent:
- Withdraw consent for non-essential processing (may limit Platform functionality)
e) File a Complaint:
- File a complaint with the Office of the Privacy Commissioner of Canada if you believe we have violated your privacy rights
Alberta PIPA – Alberta Residents:
If you are an Alberta resident, your privacy rights are governed by Alberta’s Personal Information Protection Act (PIPA). Your rights are substantially similar to PIPEDA, including the right to access, correct, and withdraw consent for use of your personal information. Complaints regarding Alberta PIPA may be directed to the Office of the Information and Privacy Commissioner of Alberta (oipc.ab.ca).
BC PIPA – British Columbia Residents:
If you are a BC resident, your privacy rights are governed by BC’s Personal Information Protection Act (PIPA). Your rights include access, correction, and withdrawal of consent. Complaints may be directed to the Office of the Information and Privacy Commissioner for BC (oipc.bc.ca).
8.2 Rights Under U.S. State Privacy Laws (CCPA/CPRA, VCDPA, etc.)
If you are a resident of California, Virginia, Colorado, Connecticut, or other states with privacy laws, you may have the right to:
a) Know:
- Know what personal information we collect, use, disclose, and sell (we do not sell personal information)
- Request a copy of the specific personal information we have collected about you in the past 12 months
- Receive a “Notice at Collection” at the point where we collect your personal information (provided via our website’s cookie consent notice and sign-up forms)
b) Delete:
- Request deletion of your personal information (subject to legal exceptions)
c) Opt-Out:
- Opt-out of the “sale” or “sharing” of personal information (we do not sell or share personal information for advertising purposes)
- Use the Global Privacy Control (GPC) signal as a valid opt-out request – we honor GPC signals automatically (see Section 6.5)
d) Correct:
- Request correction of inaccurate personal information
e) Non-Discrimination:
- Not be discriminated against for exercising your privacy rights
f) Data Portability (California):
- Receive your personal information in a portable, machine-readable format
g) Sensitive Personal Information (California – CPRA):
The CPRA created a category of “Sensitive Personal Information” (SPI) with enhanced protections. While we collect minimal SPI, users may voluntarily include sensitive details in their reviews (such as demographic information). We do not use SPI to infer characteristics about you beyond what is necessary for the purposes of the review submission, and you may request to limit our use of SPI at any time by contacting us.
8.3 How to Exercise Your Rights
To exercise any of the above rights, please submit a Data Subject Access Request (DSAR) to us at:
- Email: [Insert DSAR email address, e.g., privacy@rateinterviews.com]
- Web Form: [Insert link to DSAR submission form on website]
Your request should include:
- Your name and email address (if you have an account)
- Description of your request and the right(s) you wish to exercise
- Verification information (we may need to verify your identity to prevent unauthorized access)
Response Timeline: We will respond to verified requests within:
- 30 days (Canada – PIPEDA, Alberta PIPA, BC PIPA)
- 45 days (U.S. state laws, extendable to 90 days for complex requests)
- 30 days (Quebec Law 25, extendable to 30 additional days with notice)
Verification Process:
- We may request additional information to verify your identity before fulfilling requests
- Verification prevents unauthorized access to your personal information
Limitations: Some requests may be denied or limited based on legal exceptions, such as:
- Legal obligations to retain information
- Pending litigation or regulatory investigations
- Fraud prevention and security purposes
- Rights of other individuals
8.4 Authorized Agents (California Residents)
California residents may designate an authorized agent to submit requests on your behalf. The agent must:
- Provide written authorization signed by you
- Verify their identity and authority
- We may still require you to verify your identity directly
9. Third-Party Services and Links
9.1 Third-Party Websites
The Platform may contain links to third-party websites, services, or resources (e.g., company career pages, external articles).
We are not responsible for:
- The privacy practices of third-party websites
- Content, accuracy, or availability of external sites
- Any harm resulting from your use of third-party services
Third-party websites have their own privacy policies and terms. We encourage you to review their policies before providing personal information.
9.2 Third-Party Service Providers
We use third-party service providers to operate the Platform (see Section 4.2). These providers:
- Process personal information on our behalf according to our instructions
- Are contractually required to protect your information
- May have their own privacy policies for services they provide directly to you
Examples of Third-Party Services:
- Cloud hosting and infrastructure providers
- Email delivery services
- Analytics platforms (e.g., aggregated usage statistics)
- Security and fraud prevention tools
9.3 Social Media and Sharing
If you choose to share Platform content on social media (e.g., Facebook, X/Twitter, LinkedIn):
- Those platforms may collect information about your activity
- We do not control how social media platforms use your information
- Review the privacy policies of social media platforms before sharing
10. International Data Transfers
10.1 Data Storage and Processing
The Platform operates primarily in Canada. Your information may be stored and processed in:
- Canada (primary operations)
- The United States (cloud infrastructure and service providers)
- Other jurisdictions where our service providers operate
10.2 Cross-Border Transfers (Canada – U.S.)
By using the Platform, you acknowledge and consent to the transfer of your information between Canada and the United States, and other jurisdictions where our service providers operate.
For Canadian Users: Information transferred to the U.S. or other jurisdictions may be subject to lawful access by government authorities in those jurisdictions under the laws of those countries (including the USA PATRIOT Act and successor legislation). Such access may be without notice to you and is beyond our control.
For U.S. Users: Information transferred to Canada is subject to Canadian privacy laws, including PIPEDA, which provide protections broadly similar to those in the U.S., though some differences exist.
All cross-border transfers to third-party service providers are governed by our data processing agreements, which require service providers to protect your information at a standard equivalent to that required under applicable Canadian and U.S. privacy law.
10.3 Jurisdictional Compliance
We strive to comply with privacy laws in all jurisdictions where we operate, including:
- PIPEDA (Canada)
- Provincial privacy laws (Ontario, Alberta, BC)
- Quebec’s Law 25
- CCPA/CPRA and other U.S. state privacy laws
If local laws prohibit you from agreeing to cross-border data transfers, you may not be able to use the Platform.
11. Children’s Privacy
11.1 Age Restriction
The Platform is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18.
If you are under 18:
- Do not use the Platform
- Do not submit reviews or create an account
- Do not provide any personal information to us
11.2 Parental Notice
If we become aware that we have collected personal information from a child under 18, we will:
- Delete the information as soon as reasonably possible
- Terminate any associated account
- Not use the information for any purpose
If you are a parent or guardian and believe your child has provided personal information to us, please report the review immediately to start the deletion process.
12. Changes to This Privacy Policy
12.1 Right to Modify
We reserve the right to update or modify this Privacy Policy at any time to reflect:
- Changes in our privacy practices
- New features or services
- Legal or regulatory requirements
- User feedback and best practices
12.2 Notice of Changes
We will provide notice of material changes by:
- Posting the updated Privacy Policy on the Platform with a new “Effective Date”
- Sending an email notification (if you have provided an email address)
- Displaying a prominent notice on the Platform homepage
For material changes that reduce your privacy rights, we may require your affirmative consent before the changes take effect. For users subject to Quebec’s Law 25, any material change to the purposes for which your personal information is used will require fresh consent.
12.3 Your Acceptance
Continued use of the Platform after the effective date of an updated Privacy Policy constitutes your acceptance of the changes.
If you do not agree to the updated Privacy Policy:
- Stop using the Platform
- Contact us to delete your account and personal information (subject to legal retention requirements)
12.4 Review
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, or to submit a Data Subject Access Request (DSAR), please contact our Privacy Officer at:
- Email: [privacy@rateinterviews.com]
- DSAR Submission Form: [Insert web form URL]
For Canadian Users (Federal – PIPEDA): If you have concerns about our privacy practices and are not satisfied with our response, you may file a complaint with:
Office of the Privacy Commissioner of Canada
Website: www.priv.gc.ca | Toll-free: 1-800-282-1376
For Quebec Users (Law 25): If you have concerns about our privacy practices as they relate to Quebec law, you may file a complaint with:
Commission d’accès à l’information du Québec (CAI)
Website: cai.gouv.qc.ca | Telephone: 1-888-528-7741
For Alberta Users: Office of the Information and Privacy Commissioner of Alberta (oipc.ab.ca)
For BC Users: Office of the Information and Privacy Commissioner for BC (oipc.bc.ca)
For California Users: California Department of Justice – oag.ca.gov/privacy | 1-800-952-5225
14. Quebec’s Law 25 (Act Respecting the Protection of Personal Information)
Quebec’s Act respecting the protection of personal information in the private sector (Law 25 / Bill 64) imposes heightened privacy obligations on organizations collecting personal information from Quebec residents. The following provisions apply specifically to Quebec users.
14.1 Privacy Officer
We have designated a Privacy Officer responsible for compliance with Law 25 and overseeing the protection of personal information. Our Privacy Officer can be reached at the contact information in Section 13.
14.2 Privacy Impact Assessments (PIAs)
Before launching new technologies or projects involving the collection or use of personal information, we conduct Privacy Impact Assessments (PIAs) as required by Law 25. PIAs evaluate potential risks to the privacy of individuals and implement appropriate safeguards.
14.3 Confidentiality Incident Register
We maintain a register of all confidentiality incidents (privacy breaches) involving personal information, regardless of whether the incident meets the notification threshold under Law 25. This register is maintained as required by Law 25 and may be made available to the Commission d’accès à l’information (CAI) upon request.
14.4 Right to De-indexing and Cessation of Dissemination
Quebec residents have the right to request that we cease disseminating their personal information or de-index any hyperlink attached to their name that provides access to information about them, if dissemination of the information:
- Causes them serious injury in relation to their right to dignity, privacy, or reputation; and
- The injury is clearly greater than the public’s interest in knowing the information or in accessing it via the hyperlink
To exercise this right, contact our Privacy Officer at the address in Section 13.
14.5 Right to Portability
Quebec residents have the right to receive personal information provided to us in a structured, commonly used technological format, and to have that information transferred directly to another person or organization, where technically feasible. Contact our Privacy Officer to make a portability request.
14.6 Automated Decision-Making
If we use your personal information to make an exclusively automated decision that produces legal or significant effects concerning you, you have the right to be informed, to present your observations, and to request a review of the decision by a person. We currently do not make such automated decisions; however, we will inform you and update this section if that changes.
14.7 Transparency and Consent
When collecting personal information from Quebec residents, we will clearly explain:
- The purposes for which the information is collected
- The means by which the information is collected
- Your rights to access, correct, and withdraw consent
- The name and contact information of our Privacy Officer
Consent is obtained in a clear, free, informed, and specific manner. Consent may be withdrawn at any time, subject to legal exceptions. Withdrawal of consent may limit your ability to use certain Platform features.
14.8 Language
We are committed to making our privacy communications available in both English and French for Quebec users, in accordance with the Charter of the French Language (Bill 96). A French version of this Privacy Policy is available upon request from our Privacy Officer.
15. Canada’s Anti-Spam Legislation (CASL)
We comply with Canada’s Anti-Spam Legislation (CASL, S.C. 2010, c. 23) for all commercial electronic messages (CEMs) sent to Canadian users.
15.1 Consent
We will only send you CEMs if we have obtained your express or implied consent as defined under CASL. Express consent is obtained through a clear opt-in mechanism (such as a checkbox) at the time of account creation or via our email preference settings. Implied consent may exist based on an existing business relationship with you.
15.2 Content of Messages
All CEMs we send will:
- Clearly identify rateinterviews.com as the sender
- Include our mailing address or web address
- Include a clear and functional unsubscribe mechanism
15.3 Unsubscribe
You may withdraw your consent to receive commercial electronic messages at any time by:
- Clicking the “Unsubscribe” link included in any CEM
- Contacting us at the privacy email address in Section 13
We will process unsubscribe requests within 10 business days, as required by CASL. Transactional messages (such as security alerts, account notifications, and responses to your support requests) are not CEMs and may be sent regardless of your marketing preferences.
15.4 Consent Records
We maintain records of all CASL consents, including the date, method, and scope of consent, in accordance with our obligations under CASL.
16. Definitions
Personal Information: Information that identifies, relates to, describes, or can be reasonably linked to a particular individual or household, including but not limited to names, email addresses, IP addresses, and device identifiers. In Quebec, personal information means any information which relates to a natural person and allows that person to be identified.
Sensitive Personal Information (SPI): A subcategory of personal information that includes data such as racial or ethnic origin, religious beliefs, health data, precise geolocation, and other categories receiving heightened protection under applicable law, including California’s CPRA.
User-Generated Content: Any content (reviews, ratings, comments) submitted by users to the Platform.
Anonymized Information: Information that has been processed to remove identifying characteristics such that it cannot reasonably be used to identify an individual.
Aggregate Information: Information combined from multiple users and presented in a summary form that does not identify individual users.
Commercial Electronic Message (CEM): As defined under CASL, an electronic message sent to an electronic address that encourages participation in a commercial activity.
Privacy Officer: The individual designated by rateinterviews.com to oversee privacy compliance, receive privacy requests, and act as the primary contact for privacy regulators.
DSAR: Data Subject Access Request – a formal request by an individual to exercise their rights under applicable privacy law, including rights to access, correct, delete, or port their personal information.
Law 25: Quebec’s Act respecting the protection of personal information in the private sector (RLRQ, c. P-39.1), as amended by Bill 64 and subsequent legislation.
GPC: Global Privacy Control – a browser signal that communicates a user’s preference to opt out of the sale or sharing of their personal information under applicable U.S. state privacy law.
BY USING RATEINTERVIEWS.COM, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO THIS PRIVACY POLICY.
Last Updated: May 6, 2026