The main purpose of this policy is to ensure the protection of personal information while establishing clear guidelines for the collection, use, communication, storage, destruction, and management of data within SERVICE SINISTRE OUTAOUAIS. This applies to all stakeholders, including management, employees, suppliers, etc. Additionally, this policy aims to inform any concerned individual, whether they are clients, employees, or others, about how SERVICE SINISTRE OUTAOUAIS handles their personal information.
Responsibility
SERVICE SINISTRE OUTAOUAIS fully assumes the responsibility of preserving the personal information under its jurisdiction. The data collected, used, communicated, stored, or destroyed is subject to the provisions of this policy, primarily to maintain the confidentiality of each individual.
To ensure the most effective protection of personal information, the Data Security Officer within SERVICE SINISTRE OUTAOUAIS must:
- Supervise and review internal practices and procedures for processing personal information and compliance with current laws.
- Suggest measures to ensure the ongoing protection of personal information that align with privacy impact assessments.
- Implement necessary measures within the company to ensure the protection of information.
- Ensure compliance and staff training on best practices for protecting personal information.
- Coordinate, investigate, and respond to requests and complaints regarding the protection of personal information.
- Communicate with the individuals concerned and the Access to Information Commission (CAI) in the event of a data breach or any incident.
- Keep a record of incidents related to personal data.
- The protection of personal information is everyone’s business. No reprisals can be taken against an individual who files a complaint regarding the protection of personal information or participates in a CAI investigation.
Collection of Personal Information
Personal information collected enables the functions of SERVICE SINISTRE OUTAOUAIS and the conduct of its activities in accordance with applicable laws and standards. SERVICE SINISTRE OUTAOUAIS collects personal information only when necessary and to meet specific and predefined purposes. The collection of personal information is done directly from the individual concerned and with their consent, unless an exception is provided by law.
Appendix A provides a non-exhaustive list of collected information and the intended use of the data. Most of the collected personal information concerns employees to meet the company’s legal obligations. The communication of personal information about other individuals may be requested to assist employees in case of emergencies, for example. It is the responsibility of employees to obtain their consent before providing us with their contact information.
Regarding customer information, data is provided to feed our records, management software, contracts, and billing. We place utmost importance on the confidentiality and security of our customers’ data. All collected information, whether it be contact details or other personal information, is handled with the utmost rigor and in accordance with applicable laws and regulations regarding the protection of personal information. Our team is committed to implementing robust security measures to prevent unauthorized access and regularly trains our staff on best practices in data privacy. We consider the protection of our customers’ personal information as a fundamental responsibility to ensure their well-being and trust in our services.
Consent and Accuracy of Personal Information
SERVICE SINISTRE OUTAOUAIS ensures that the collection of personal information is done for justified, clear, and specific reasons and with the obtaining of the person’s free and informed consent. Consent is required for any collection, use, or disclosure of personal information. Before collecting personal information, we will ensure to obtain your informed consent in writing and separately, providing clear details on the purpose of the collection and how the information will be used. Your consent is essential to ensure the protection of your personal data.
Limitation on the Use of Personal Information
We collect and use your personal information only when necessary and for the purposes for which consent has been obtained. SERVICE SINISTRE OUTAOUAIS must provide certain information to meet legal and regulatory verification processes and requirements. The use may vary but could serve different purposes as illustrated in Annex A.
Information may be transmitted to third parties to the extent necessary for the activities mentioned in Annex A. SERVICE SINISTRE OUTAOUAIS cannot be held responsible for the behavior and usage undertaken by third parties.
Personal information will not be used or disclosed for purposes other than specific objectives unless required by law.
Protection of Your Personal Information
SERVICE SINISTRE OUTAOUAIS takes all reasonable precautions and implements significant physical and technical measures to prevent unauthorized or illegal use and access to personal information. Among the measures in place are:
- Use of information only when necessary;
- Ensure the confidentiality and protection of personal information that a person has become aware of in the course of their duties unless authorized to disclose it by the person concerned.
- Protection of records with selective and limited access to authorized personnel;
- Securing access to offices with door locks and access codes;
- Secure shredding of paper records;
- Double authentication in all connections on platforms;
- Immediate withdrawal of access after the end of a business relationship.
- All individuals are required to contribute to the protection of personal information. If you suspect that sensitive information has been compromised, you must immediately notify the person responsible for personal information protection.
Retention Period of Your Personal Information
SERVICE SINISTRE OUTAOUAIS undertakes to respect the minimum retention periods provided for in the category of personal information and applicable laws. However, if the information collected is no longer useful for SERVICE SINISTRE OUTAOUAIS, and its retention is not necessary or mandatory according to different legislative frameworks, it will be destroyed, erased, or converted to maintain anonymity.
Commitment to Transparency
SERVICE SINISTRE OUTAOUAIS is committed to being transparent about the processing, procedures, and purposes of use that govern personal information with customers, employees, interns, and business partners.
Access to Your Personal Information
A person can request access to personal information concerning them and the means used to collect it. Depending on the content of the person’s file, exceptions may apply, such as personal information about others, but the person will be informed. In case of inaccurate information in the file, the person concerned can request correction.
For any consultation, withdrawal, and/or modification of personal information, you can write to the email address info@sinistre.com. At any time, you can withdraw your consent to the communication of your personal information. A written request must be submitted to the person responsible for personal information protection at info@sinistre.com. A response will be provided within 30 days of its receipt. When it is not possible to share the requested information, legal justification and support must be provided to support the decision to the requester.
Filing a Complaint
A person who believes that their personal information has been collected, retained, used, disclosed, or destroyed in a manner inconsistent with the provisions of this policy may file a confidential complaint with the person responsible for personal information protection at the email address info@sinistre.com. The individual must provide their name, contact information, including a phone number, as well as the subject and reasons for the complaint. It is necessary to provide sufficient details for the complaint to be properly evaluated. A response will be provided within 30 days of receiving the complaint. If the complaint is insufficiently precise, the person responsible for personal information protection may request any additional information deemed necessary to evaluate the complaint. The person in charge will conduct an investigation into the complaints received, minimize damage, and make the necessary corrections.
It is also possible to file a complaint with the Commission d’accès à l’information du Québec. However, SERVICE SINISTRE OUTAOUAIS encourages individuals to first contact the person responsible for personal information protection and wait for the conclusion of the planned processing process.
Approval
This policy is approved by the person responsible for personal information protection at
SERVICE SINISTRE OUTAOUAIS.
Person Responsible for Personal Information Protection
7, rue de Bécancour
Gatineau (Québec) J8P 7X5
For any requests, questions, or comments in the context of this policy, please contact the person responsible via email.
ANNEX A
| Concerned individuals | Information categories | Information types | Purposes for which information is retained |
|---|---|---|---|
| Employees | Recruitment | Recruitment information, such as curriculum vitae, educational and professional background, details of previous employers to verify employment for potential recruitment. | Internal management (resume evaluation) |
| Staffing | Information to be included in the employee file, such as first and last name, contact details, SIN, salary, bank details, employment or internship contract, emergency contacts, etc. | Internal management (example : payroll, operations, legal obligations, CNESST, RRSP, pay equity, performance review, etc.) | |
| Customers and suppliers | Accounting, CRM and project management systems | Details of services requested and/or provided. Billing and financial information, such as a billing address, bank account information or payment details. |
Internal management (IT services, cybersecurity, billing, project management, communication, information collection as part of a program, contracts, service agreements, etc.) |