Privacy Policy

Applies to: https://expedibox.com
Last updated: January 2026

Expedibox Inc. (“Expedibox”, “we”, “our”) places the highest importance on the protection of personal information and privacy. This Privacy Policy explains how we collect, use, disclose, retain, and protect personal information in accordance with Québec’s Act respecting the protection of personal information in the private sector, as amended by Law 25, and applicable Canadian privacy legislation.

1. Scope of This Policy

This Privacy Policy applies to:

• The Expedibox website and digital platforms;
• Smart locker services operated by Expedibox;
• Satisfaction surveys, contact forms, and communications;
• Any interaction in which personal information is collected by Expedibox.

2. Definition of Personal Information

“Personal information” means any information that relates to an identifiable individual, directly or indirectly. This includes, but is not limited to:

• First and last name;
• Postal address and postal code;
• Email address;
• Telephone number;
• Photograph or image;
• IP address or device identifiers;
• Location data when applicable.

3. Collection of Personal Information

We collect personal information only when necessary and only for identified and legitimate purposes.

Categories of information collected may include:

• Identification information (name, contact details);
• Transactional or service-related information;
• Images captured at smart lockers, where applicable;
• Feedback or comments provided voluntarily through surveys or forms.

4. Methods of Collection

Personal information is collected through:

• Website registration and contact forms;
• Service or order forms;
• Voluntary participation in surveys or contests;
• Photo capture at smart lockers, where applicable;
• Direct communications with Expedibox.

5. Purposes of Use

Personal information is used strictly for the following purposes:

• Service delivery and operational management;
• Order tracking and customer support;
• Communications related to services;
• Improvement of products and services;
• Statistical analysis using aggregated and anonymized data;
• Compliance with legal and regulatory obligations.

Personal information is never used for purposes incompatible with those for which it was collected without obtaining appropriate consent.

6. Consent

Consent is obtained in accordance with Law 25:

• Consent must be clear, free, and informed;
• Certain information may be provided voluntarily;
• Some questions, including references or shared experiences, are explicitly optional;
• Consent may be withdrawn at any time, subject to legal or contractual restrictions.

7. Cookies and Similar Technologies

We use cookies and similar technologies to:

• Facilitate navigation;
• Improve user experience;
• Compile anonymous usage statistics.

Cookie management

Users may configure their browser to refuse cookies or to be notified when cookies are used. Disabling cookies may affect certain website functionalities.

8. Disclosure of Personal Information

Personal information is not sold.

Information may be disclosed:

• To service providers acting on our behalf, under strict confidentiality obligations;
• When required by law or regulatory authorities;
• To protect legal rights or ensure service security.

In all cases, reasonable contractual and technical safeguards are applied.

9. Retention and Destruction

Personal information is retained only for the duration necessary to fulfill the purposes for which it was collected or as required by law.

Unless otherwise required:

• Personal information is retained for a maximum of five (5) years;
• After this period, information is securely destroyed or irreversibly anonymized.

10. Data Hosting and Cross-Border Transfers

Our systems and data are hosted on Google Cloud servers located in Québec, Canada.
Personal information is stored and processed in Canada.

If cross-border transfers become necessary, Expedibox will conduct a privacy impact assessment and apply appropriate safeguards, as required by Law 25.

11. Security Measures

We implement reasonable physical, technical, and administrative safeguards to protect personal information, including:

• Encryption (SSL/TLS);
• Restricted access to authorized personnel only;
• Authentication mechanisms;
• Automatic backups;
• Firewalls and monitoring systems.

Despite these measures, no system is entirely risk-free.

12. Confidentiality Incidents

In the event of a confidentiality incident involving personal information:

• Expedibox will take immediate steps to mitigate risks;
• Affected individuals will be notified when required;
• Incidents will be recorded in a confidentiality incident register, as required by Law 25;
• The Commission d’accès à l’information will be notified where applicable.

13. Rights of Individuals

You have the right to:

• Access your personal information;
• Request correction of inaccurate information;
• Withdraw consent;
• Request deletion, subject to legal obligations;
• Be informed of the use of automated decision-making, where applicable.

Requests must be submitted in writing to the Privacy Officer.

14. Privacy Officer

The person responsible for the protection of personal information is:

Francis Campbell
Privacy Officer
Expedibox Inc.
Email: francis.campbell@expedibox.com

The Privacy Officer oversees compliance, handles requests, and ensures governance of personal information.

15. Changes to This Policy

This Privacy Policy may be updated to reflect legal or operational changes.
The most recent version is always available on our website.

In the event of material changes, users will be notified by appropriate means.

16. Acceptance

By using our website or services, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.

17. Applicable Law

This policy is governed by:

• Act respecting the protection of personal information in the private sector (CQLR c P-39.1), as amended by Law 25;
• Personal Information Protection and Electronic Documents Act (PIPEDA).