Privacy policy

1. STATEMENT

This policy aims to outline the actions to be taken for the protection of personal information within our company.

2. GOALS

Our personal information protection policy describes the standards for collecting, using, disclosing, and retaining your personal information. It also explains how we protect your personal information and your right to access it.

3. TERMINOLOGY

Personal Information:

Personal information is defined as any information or combination of information that relates to an individual and allows them to be identified, including:

  • Name, race, ethnic origin, religion, marital status, and education level;
  • Personal email address, personal email messages, and personal IP (Internet Protocol) address;
  • Date of birth, age, height, weight, medical records, blood type, DNA, fingerprints, and voice signature;
  • Income, purchases, consumption habits, banking details, credit or debit card data, loan or credit reports, and tax returns;
  • Social Insurance Number (SIN) or other identification numbers.

However, an individual’s name and professional contact details, such as title, address, phone number, and business email, are not considered personal information. Personal information must be protected regardless of the medium or form: written, graphic, audio, visual, computerized, or other.

4. POLICY ELEMENTS

Consent:

When we collect information about you, we first request your written consent to collect, use, or disclose your information for the stated purposes. We will seek your consent for any additional use, disclosure, or collection of your personal information or if the purposes for which the information was originally collected change.

Our company commits to using the provided information solely for the purposes it was collected and to retain it only as long as necessary to fulfill the requested service. However, we may collect, use, or disclose it without your consent when permitted or required by law. In specific situations, we may collect, use, or disclose personal information without informing you or obtaining your consent, such as for legal, medical, or security reasons, or when necessary to investigate a potential breach of contract, prevent or detect fraud, or enforce the law.

Limits on Collection, Use, and Disclosure:

The purposes for collecting personal information generally include confirming a person’s identity, creating an employee file, and complying with legal requirements (such as tax-related information).

We limit the collection, use, and disclosure of your personal information solely to the purposes we have communicated to you. Your personal information can be accessed only by authorized personnel as part of their assigned duties, and the company ensures they are qualified and that access is necessary for their roles.

Retention of Information:

We retain your personal information only as long as needed for the purposes it was collected. We must destroy this information in accordance with the law and our records retention policy. When destroying personal information, we take the necessary measures to ensure confidentiality and prevent unauthorized access during the destruction process.

Records Retention Policy:

We will keep your personal information for seven (7) complete fiscal years after your departure from the company to comply with federal and provincial tax laws. After this period, physical records will be shredded, and electronic records will be anonymized or destroyed. Electronic records in our accounting and/or timesheet software will be anonymized. All other electronic records will be destroyed.

Accuracy:

Personal information must be as accurate, complete, and up to date as required for its intended use. Continuously used personal information, including that shared with third parties, will generally be accurate and up to date unless limits on its accuracy are clearly established. We do not systematically update personal information unless necessary for the purposes it was collected. The degree of accuracy and completeness depends on the data you provide in the consent form.

Accountability:

We are responsible for the personal information we hold or that is under our control, including information entrusted to third parties for processing. We require these third parties to maintain strict confidentiality and security standards. Our Privacy Officer oversees this personal information protection policy, related processes, and the procedures to protect this information. Our staff is informed and properly trained on our policies and practices regarding personal information protection.

Management of Privacy Incidents:

A privacy incident includes:

  • Unauthorized access to personal information;
  • Unauthorized use of personal information;
  • Unauthorized disclosure of personal information;
  • Loss of personal information or any other breach of protection.

If we have reason to believe that a privacy incident has occurred involving personal information we hold, we must take reasonable steps to reduce the risk of harm and prevent further similar incidents.

For each privacy incident, the company must assess the severity of the risk of harm to the affected individuals by considering:

  • The sensitivity of the information involved;
  • The anticipated consequences of its use;
  • The likelihood of its use for harmful purposes.

The company must consult its Privacy Officer and may also involve other stakeholders, such as the VP of Operations or external experts.

If the analysis reveals a risk of serious harm, the company must notify the Québec Commission d’accès à l’information and the affected individuals promptly. If there is no serious harm, the company must still continue efforts to reduce risks and prevent future incidents. However, the company is not required to notify the affected individuals if doing so would likely interfere with an investigation by an authority responsible for preventing, detecting, or suppressing crime or legal offenses.

The notice to an affected individual should adequately inform them about the scope and consequences of the incident. It should describe the personal information involved, the circumstances, the measures taken or planned to reduce the risks or mitigate the harm, and provide contact details for further information.

The company must maintain a log of all privacy incidents, even those not presenting a risk of serious harm. This log must be provided to the Québec Commission d’accès à l’information upon request. The log should detail the personal information involved, the circumstances, the number of affected individuals, the risk assessment, and the actions taken. Relevant dates (incident occurrence, detection, notifications, etc.) should also be recorded.

Access and Modification Requests:

You have the right to know whether we hold personal information about you and to access this information. You also have the right to ask questions about how this information was collected, used, and disclosed. We will provide such information within a reasonable time from the date of receiving your written request. Reasonable fees may apply to process your request.

In certain situations, we may refuse to provide the requested information, such as when it concerns other individuals, when it cannot be disclosed for legal, security, or copyright reasons, when obtained during a fraud investigation, when it can only be accessed at prohibitive cost, or when it is subject to litigation or privilege.

When we hold medical information about you, we may refuse to communicate it directly and request that it be transmitted to a healthcare professional you designate. You can verify the accuracy and completeness of your personal information and, if necessary, request its correction. Any correction request will be processed within a reasonable time.

Any request for access or correction can be sent by email to the Privacy Officer at:

Pierre Poulin
President/CEO
pierre.poulin@cdid.com

Complaints and Questions:

You can contact the Privacy Officer at the above address. Any complaint about personal information protection must be sent to the Privacy Officer. We will investigate all complaints. If a complaint is found to be valid, we will take appropriate actions, including, if necessary, modifying our policies and practices.

Training and Awareness:

The company promotes best practices and respect for transparency and personal information protection rights in various ways. It informs all staff (consent form), displays the name and contact details of the Privacy Officer, and uses various awareness methods, including information sessions, reminders at team meetings, and staff training.

5. RESPONSIBILITIES, IMPLEMENTATION, AND REVIEW

The CDID executive committee is responsible for proposing revisions to this policy as needed, but at least every three (3) years.

6. DELEGATION

N/A

7. EFFECTIVE DATE

This policy comes into effect upon its adoption by the executive committee.

8. APPENDICES

N/A