• Homepage
  • >Privacy Policy-protection of personal information

Privacy and Data Protection Policy

Personal Information

1   Introduction

MARCHES TAU (LES) is committed to your privacy and the protection of your personal information. We encourage you to read our Privacy Policy (the " Policy ") before using our services and our client platform available in https://marchestau.com and all related subdomains.

In connection with the use of our services, our website, our e-commerce platform, our loyalty program, and our communications with you, MARCHES TAU (LES) may collect, use, disclose, retain or destroy certain personal information about you, in accordance with this policy and applicable privacy laws.

-    Act respecting the protection of personal information in the private sector (CQLR, c. P- 39.1).

This policy applies in particular to personal information collected when you browse our website, create a customer account, make an online purchase, participate in our loyalty program, contact our customer service, sign up for our communications or interact with our digital services.

The purpose of this Policy is to provide users of MARCHES TAU (LES)  with the following:

  • How their personal information is collected, used and disclosed;
  • What their rights are in relation to their personal information;
  • Who is responsible for the protection of personal information collected, used and disclosed by MARCHES TAU (LES).

 

2   What is personal information?

2.1   Definition

Personal information is any information that relates to a natural person and allows, directly or indirectly, to identify that person. Your personal information may include, but is not limited to, your first and last name, mailing address, shipping address, telephone number, email address, account identifiers, order information, purchase history, communication preferences, loyalty program participation, customer service requests, technical information related to your device or browsing,  and any other information that directly or indirectly identifies you.

2.2   Sensitive Information


Some information may be considered sensitive because of its nature or the context in which it is used. For example, certain purchases, preferences or requests related to natural health products, supplements, specialty products, dietary habits or personal products may allow sensitive information about an individual to be inferred.

Where required by law, MARCHES TAU (LES) will seek express consent prior to

use or disclose such information.

2.3   Professional Information

In a business context, certain information related to the performance of a function within a company, such as name, position, place of work address, business email address and business telephone number, may be excluded from certain legal obligations, when used solely for business purposes.

 

3   Privacy governance

MARCHES TAU (LES) has implemented internal policies and practices to govern the protection of personal information throughout its life cycle, i.e., during collection, use, disclosure, retention, destruction or anonymization.

These policies and practices include:

  • the roles and responsibilities of the Privacy Officer;
  • the roles and responsibilities of authorized employees and vendors;
  • rules for the collection, use, disclosure and retention of

    personal information;

  • the security safeguards applicable to the sensitivity of the information;
  • the process for processing requests for access, rectification, withdrawal of consent

    and complaints;

  • managing confidentiality incidents;
  • supervision of suppliers and subcontractors;
  • conducting privacy impact assessments when required;
  • rules relating to the destruction or anonymization of personal information.

 

4   Summaries of our activities with respect to your personal information

The following table sets out the main categories of personal information that we may collect, the purposes for which it is collected, the means of collection used and the categories of persons or suppliers who may have access to it when necessary.

 

Class of information ExamplesPurposesMeans of collectionCategories of third parties
Identity and contact details Name, address, telephone, e-mail Account creation, ordering, delivery, customer service Forms, customer account, online ordering IT Providers, Delivery, Customer Service

Class of information ExamplesPurposesMeans of collectionCategories of third parties
Customer Account Login, encrypted or hashed password, login history, preferences Authentication, security, account management Account Creation, Login Hosting, transactional platform
Orders and transactions Products purchased, shopping cart, purchase history, invoices, returns Order processing, delivery, refunds, customer service Website, caisse, transactional platform Payment, delivery, e-commerce
Payment Payment confirmation, token, or transactional reference Payment processing, fraud prevention Payment Provider Payment Providers
Loyalty Program Membership number, points, rewards, preferences, participation history Program Management, Benefits, Program Communications Registration, loyalty account, purchases Loyalty Program Provider
Communications Emails, forms, requests, complaints, customer service responses Respond to requests, manage complaints, follow up Email, form, phone Communication tools, customer service
Marketing & Surveys Communication preferences, consents, participation in surveys Newsletters, offers, surveys, service improvements Forms, consent, preferences Marketing or Survey Providers
Browsing and cookies IP address, session ID, pages viewed, referring source, device Security, analytics, site improvement, personalization by consent Cookies, pixels, journaux Analytics, Hosting, Security
Security and fraud prevention Logs, IP addresses, security events, access traces Account Protection, Fraud Prevention, Investigations Technical logs, security systems Cybersecurity or IT Providers

4.1   Information that may be sensitive

MARCHES TAU (LES) does not seek to collect health information directly, except when you voluntarily choose to provide such information to us in connection with a request or interaction with our services.

However, in some cases, information related to your purchases, searches, preferences or requests for certain products, including supplements, natural health products, specialty products, food products or personal products, may allow sensitive information to be inferred.


Where required by law, we will seek your express consent before using or disclosing such information for purposes other than those necessary to provide you with the requested service.

 

5   Consent

5.1   Your Personal Information

Subject to the exceptions and requirements of applicable laws, we will not disclose your personal information to third parties without your consent.

When you provide us with your personal information, we will use and disclose it only for the purposes identified at the time of collection or described in this Policy, where those purposes are necessary to provide the requested service or as otherwise permitted by law.

Where your consent is required, we will ask for it in a manifest, free, informed and specific manner, in simple and clear terms. Where consent is requested in writing, it will be presented separately from any other information provided.

Certain processing, including marketing communications, non-essential surveys, analytical or advertising cookies, advanced personalization, and the use or disclosure of sensitive information, may be subject to separate consent.

You may withdraw your consent at any time, subject to certain legal or contractual restrictions.

In certain cases provided for by law, MARCHES TAU (LES) may use your personal information without obtaining new consent, in particular when the use is compatible with the purposes for which the information was collected, when it is clearly for your benefit, or when it is necessary for the purposes of fraud prevention and detection or to evaluate and improve protection and security measures.

A consistent purpose must have a relevant and direct link to the original purpose of collection. The commercial prospecting or marketing is not considered a compatible purpose.

We may also disclose certain personal information without consent where permitted by law, such as in an emergency that endangers the life, health or security of an individual, to prevent an act of violence, in connection with a mandate or service contract with a supplier, or in connection with a commercial transaction permitted by law.

When we disclose personal information to a service provider, that disclosure is limited to what is necessary for the performance of the mandate or contract. The Supplier must be bound by a written agreement that includes obligations of confidentiality, security, limited use, limited retention, notification of incidents, and cooperation with reasonable audits.


Before providing us with personal information about another individual, you must obtain that individual's consent to the collection, use and disclosure of that personal information in accordance with the terms of this Policy.

5.2   Personal information about a minor

Personal information concerning a minor under the age of 14 will not be collected from him or her without the consent of the holder of parental authority or guardian, except when such collection is clearly for the benefit of this minor.

 

6   Limits on our collection, use and disclosure of your personal information

6.1   Collection

We identify the purposes for collection before we collect your personal information and collect only the information necessary for those purposes. The collection is carried out by lawful means and proportionate to the nature of the service requested.

If you submit personal information to one of our platforms for the purpose of publishing, we will publish it and may use that information in accordance with the permissions you grant us.

6.2   Usage

We use your personal information only for the purposes for which it was collected, for compatible purposes permitted by law, or with your consent where required.

Specifically, we may use your personal information for the following purposes:

 

  1. To provide the requested services : create and manage your account, process your orders, ensure delivery or pickup, manage returns, refunds and tracking.
  2. Administer the Loyalty Program : Administer your registration, earn or apply points, offer program benefits, and answer questions about the program.
  3. Respond to your requests : To process your communications, complaints, requests for information, requests for access or correction, and customer service interactions.
  4. Ensuring security and preventing fraud : protecting our platforms, detecting unauthorized access, preventing fraud, verifying certain transactions, and ensuring the security of accounts.
  5. To comply with our legal obligations : to meet applicable tax, accounting, regulatory, judicial or other obligations.
  6. To improve our services : to analyze the use of our platforms, to correct technical problems, to improve the user experience and to measure the performance of our services, where permitted by law or with your consent where required.
  7. Marketing Communications, Surveys and Personalization : To provide you with offers, newsletters, surveys or personalized communications only when required by law

    or when you have consented to it. You may withdraw your consent to these communications at any time.

    6.3   Disclosure of Personal Information

    We may disclose your personal information only to those individuals, suppliers or partners who need access to the information to fulfill the purposes described in this policy or where permitted by law.

    These categories may include:

    • our employees and authorized representatives;
    • our hosting, e-commerce, IT security and

      technical support;

    • our payment providers;
    • our delivery or pick-up providers;
    • our loyalty program suppliers;
    • our providers of electronic communications, newsletters, surveys or marketing, where applicable;
    • our professional advisors, including legal, accounting, technology and other advisors;
    • public, regulatory, judicial or law enforcement authorities where required or permitted by law.

      Your personal information will not be disclosed to third parties other than in accordance with this Privacy Policy, except as required or permitted by law, or as ordered by a court of competent jurisdiction.

      6.4   Disclosure of Personal Information Outside Québec

      Your personal information may be retained or processed by MARCHES TAU (LES) or by certain suppliers located in Quebec, elsewhere in Canada, the United States or other jurisdictions, including when necessary for hosting, e-commerce, payment processing, delivery, loyalty program, technical support, performance analysis or electronic communications.

      Before disclosing personal information outside Quebec, MARCHES TAU (LES) conducts a privacy impact assessment to assess, among other things:

      • the sensitivity of the information involved;
      • the purposes for which they will be used;
      • applicable safeguards, including contractual, technological, organizational and administrative measures;
      • the applicable legal regime in the jurisdiction where the information will be disclosed.

        Such disclosure is only made if the assessment demonstrates that the information is adequately protected. Where required, such communication shall be the subject of a written agreement with the supplier or partner concerned.

        When your personal information is disclosed or stored outside of Quebec, it may be subject to applicable laws in the relevant jurisdiction, including laws allowing access by public, judicial, regulatory or governmental authorities.

         

        7   Accuracy of Your Personal Information

        We take reasonable steps to ensure that your personal information is accurate and complete for the purposes for which it was collected.

         

        8   Retention of your personal information

        We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, subject to applicable legal, tax, accounting, contractual or regulatory obligations.

        Retention periods may vary depending on the nature of the information and the applicable purposes. For information purposes:

        • Your customer account information is retained for as long as your account is active and thereafter for a reasonable period of time in order to comply with our legal obligations or to manage potential disputes;
        • information related to orders, invoices, payments, refunds or transactions may be retained for the period required for tax, accounting or evidentiary purposes;
        • Customer service communications are retained for the period necessary to process the request and appropriate follow-up.
        • information related to marketing communications is retained for as long as your consent remains valid or until you unsubscribe, subject to applicable obligations;
        • Technical and security logs are kept for a limited period of time necessary for security, fraud prevention, and incident management.

          Upon expiry of the applicable retention period, the personal information is

          securely destroyed or anonymized in accordance with applicable legal requirements.

          When suppliers or subcontractors process personal information on our behalf, we require that they be bound by a written agreement providing for appropriate obligations of confidentiality, security, limited use for the purposes of the mandate, limited retention, destruction or return of the information at the end of the mandate, notification of any breach or attempted breach,  and cooperating with reasonable privacy audits.

           

          9   Security measures

          9.1   Protecting Your Privacy

          We have implemented a number of physical, technological and administrative security measures with respect to the personal information and confidential data we hold to protect it from unauthorized access, use or disclosure, loss or other breach.

          These measures are determined based on the sensitivity of the information, the purposes for which it is used, its amount, its distribution and its medium. This may include, depending on the context, access controls, credential and password management, authentication, logging, access monitoring, encryption where appropriate, backup, staff training, incident management, and limiting access to authorized individuals.

          9.2   Access Management

          Access to personal information is limited to authorized employees, representatives, suppliers or partners who need it to perform their duties or to provide the required services. Access is granted on a principle of least privilege, can be logged, monitored, and revised periodically, and is removed when it is no longer needed.

          9.3   Training and awareness

          Our employees are trained and made aware of the importance of protecting personal information. When required, our suppliers and partners are also subject to contractual obligations of confidentiality and protection of personal information.

          9.4   Privacy Impact Assessment

          MARCHES TAU (LES) conducts a privacy impact assessment for any project involving the acquisition, development or redesign of an information system or electronic service delivery involving personal information. The Privacy Officer is consulted at the outset of the project.

          This assessment shall be proportionate to the sensitivity of the information concerned, the purposes of its use, its quantity, its distribution and its medium. In particular, it aims to identify privacy risks and define appropriate protection measures.

          When a project involves the communication of personal information outside Quebec, MARCHES TAU (LES) also conducts the assessment required by law prior to disclosure.

          9.5   Confidentiality incidents

          If MARCHÉS TAU (LES) has reason to believe that a confidentiality incident involving personal information has occurred and that it presents a risk of serious harm being caused by the incident, MARCHÉS TAU (LES) will promptly inform the Commission d'accès à l'information as well as any person whose personal information is affected by the incident. It may also notify any person or organization likely to reduce this risk, by communicating only the personal information necessary for that purpose without the consent of the person concerned.

          MARCHES TAU (LES) maintains a record of confidentiality incidents in accordance with applicable requirements. This log documents incidents, measures taken to reduce the risk of harm, notifications provided, if any, and measures to prevent similar incidents from occurring in the future. A copy of the register is sent to the Commission d'accès à l'information upon request.

          9.6   Destruction et anonymisation

          MARCHES TAU (LES) provides physical and technological security for the personal information it maintains in order to protect against accidental destruction, loss and disclosure, and improper destruction.

          When the purposes for which the personal information was collected or used are fulfilled, we securely destroy or anonymize it, where permitted by law, in accordance with generally accepted best practices and applicable regulatory requirements.

          When we destroy or anonymize your personal information, we take steps to ensure its confidentiality and to ensure that no unauthorized person can gain access to it during the destruction or anonymization process.

           

          10    Cookies, Similar Technologies and Profiling

          We use cookies, pixels, beacons, technical identifiers, and similar technologies to operate our site, secure our services, understand how to use our platforms, improve the user experience, and, where you consent, personalize certain content or communications.

          Certain technologies may be used to identify you, recognize your device, analyze your browsing behavior, measure your interactions with our platforms, or perform profiling within the meaning of the law, including when information is used to evaluate your personal preferences, interests, or behaviors.

          The cookies we use may include:

           

          CategoryPurposesExamplesConsent
          Essential cookies Site Operation, Shopping Cart, Session, Security, Authentication Session ID, shopping cart, login Necessary for the service
          Functional cookies Display preferences and
          Improved experience           		Language, preferences, messages already displayed As the case may be
          Analytical cookies Audience measurement and site improvement Google Analytics or similar tools Depending on the configuration and applicable consent
          Marketing or advertising cookies Advertising, campaign measurement, retargeting Advertising pixels, marketing identifiers Consent required
          Personalization or profiling technologies Personalization of experience or communications Recommendations, segmentation, interests Consent or Choice of Activation as Applicable

          You can manage your preferences for non-essential cookies through our consent management tool, which is available on your first visit and at any time from the "Privacy Preferences" link available on our website.

           

          Cookies that are essential to the operation, security, or provision of the requested service may be enabled by default.

           

          11    Rights of individuals

          Subject to exceptions provided by law, you may exercise certain rights with respect to

          Personal information we hold about you.

          11.1   Access, rectification, withdrawal of consent and information

          In particular, you can:

          1. request access to the personal information we hold about you;
          2. request the correction of inaccurate, incomplete or ambiguous personal information;
          3. withdraw your consent to certain uses or disclosures of your personal information, where applicable;
          4. request information about use, disclosure, retention and categories

            Individuals who have access to your personal information;

          5. request information about personal information disclosed outside of the

            Quebec, where applicable;

          6. file a complaint with MARCHÉS TAU (LES) or the Commission d'accès à l'information du Québec.

            All requests must be submitted in writing to the Privacy Officer and must be accompanied by information to confirm your identity.

            We will respond to your request within the time limits set out by law. If we are unable to comply with your request, we will provide you with the applicable reasons, subject to legal restrictions.

            11.2   Right to portability

            Where required by law, you may request that certain computerized personal information that we have collected from you be disclosed to you in a structured and commonly used technological format.

            Where technically feasible and permitted by law, you may also request that this information be disclosed directly to another authorized person or organization.

            The right to portability applies only to computerized personal information collected from you and does not necessarily apply to information created, inferred or derived by MARCHES TAU (LES).

            11.3   Decisions based exclusively on automated processing

            To the best of our knowledge, MARCHES TAU (LES) does not make any decision that produces legal or otherwise significant effects with respect to you that is based solely on automated processing of your personal information.

            If such a decision were to be made, we would inform you at the latest at the time of the decision. You may then be able to request information under the Act, including:

          7. the personal information used to make the decision;
          8. the reasons, key factors and parameters that led to the decision;
          9. the ability to have the personal information used corrected;
          10. the opportunity to make your representations to a person who can review the decision.

            11.4   Complaints to a competent authority

            You can also file a complaint with the competent authority for the protection of personal information, including the Commission d'accès à l'information du Québec.

            To exercise any of these rights, please contact us as set out in the section below

            "Requests, Complaints and Questions".

             

            12    Requests, Complaints and Questions

            12.1   Engagement

            We are committed to addressing your questions and concerns regarding this Policy and the protection of your personal information.

            12.2   Contact Information

            Any inquiries or complaints regarding this Policy or the protection of personal information should be directed to the Privacy Officer at the address below:

            Privacy Officer

            MARCHES TAU (LES)

            3216 St-Martin Blvd. West, Laval, Quebec H7T 1A1

            Email: vieprivee@marchestau.com

             

            12.3   Handling of requests or complaints

            When we receive a request or complaint, we acknowledge receipt when required, verify the identity of the requester, analyze the request and respond to it within the time limits set out by law. When the request is unclear, we can provide reasonable assistance to help the individual identify the information they are seeking.

            Privacy complaints are reviewed by the Privacy Officer or an authorized individual.

            MARCHES TAU (LES) documents the complaints received, the analyses carried out and the appropriate corrective actions, if any.

             

            13    Effective date of the Policy

            This Policy takes effect on May 5, 2026. It supersedes all previous versions.

             

            14    Changes to the Policy

            MARCHES TAU (LES) reserves the right to modify this policy to reflect changes to our practices, services, or applicable legal requirements. Any changes will be posted on our website.

            Where changes are material or where required by law, we will take reasonable steps to notify you and, where appropriate, obtain your consent before implementing new uses or disclosures of your personal information.