Date: 2023-09-21
This policy aims to ensure the protection of personal information and to define the procedures for collecting, using, disclosing, retaining, destroying and managing information by PHYSIOOUTAOUAIS, which includes management, employees, suppliers, etc. Moreover, it aims to inform anyone concerned about how their personal information is processed by PHYSIOOUTAOUAIS, whether it be customers, employees, or any other individuals.
RESPONSIBILITY
PHYSIOOUTAOUAIS assumes full responsibility for the protection of personal information under its control. Information collected, used, disclosed, retained, or destroyed is governed by this policy in order to protect the privacy of every individual.
To ensure the optimal protection of personal information, PHYSIOOUTAOUAIS’s Privacy Officer shall:
- Oversee and review internal practices and procedures for processing personal information as well as compliance with current laws;
- Suggest measures to ensure ongoing protection of personal information in line with Privacy Impact Assessments;
- Implement necessary measures within the business to ensure the protection of information;
- Ensure staff compliance and training in best practices for protecting personal information.
- Coordinate, investigate, and respond to inquiries and complaints about personal information protection;
- Communicate with the concerned individual(s) and the Commission d’accès à l’information (CAI) in case of a data leak or any incident;
- Keep a record of personal data-related incidents.
The protection of personal information is everyone’s business. No retaliation can be made against an individual who files a complaint about the protection of personal information or participates in a CAI investigation procedure.
COLLECTION OF PERSONAL INFORMATION
Personal information collected allows PHYSIOOUTAOUAIS to carry out its functions and activities in accordance with applicable laws and standards. PHYSIOOUTAOUAIS collects personal information only when necessary and to serve specific, predefined purposes. Personal information is collected directly from the concerned individual and with their consent unless an exception is provided for by law.
A non-exhaustive list of the information collected and its intended use is provided in Appendix A. The majority of personal information collected pertains to employees in order to meet the business’s legal obligations. Personal information about other individuals may be requested in order to assist employees in case of emergency, for example. It is up to the employees to obtain their consent before providing us with their contact details.
As far as customer information is concerned, data is supplied to feed our files, management software, contracts and invoicing. We attach the utmost importance to the confidentiality and security of our customers’ data. All information collected, whether contact details or other personal information, is treated with the utmost rigor and in compliance with current laws and regulations on the protection of personal information. Our team is committed to implementing robust security measures to prevent unauthorized access, as well as regularly training our staff on best practices in data confidentiality. We regard the protection of our customers’ personal information as a fundamental responsibility to ensure their well-being and their trust in our services.
CONSENT AND ACCURACY OF PERSONAL INFORMATION
PHYSIOOUTAOUAIS ensures that the collection of personal information is done for justified, clear, and specific reasons and with the free and informed consent of the person. Consent is required for any collection, use, or disclosure of personal information. Before collecting personal information, we will ensure that we obtain your informed consent in a clear and separate written form, providing clear details about the purpose of the collection and how the information will be used. Your consent is essential to ensure the protection of your personal data.
LIMITATION ON THE USE OF PERSONAL INFORMATION
We collect and use your personal information only when necessary and for the purposes for which consent was obtained. PHYSIOOUTAOUAIS must provide certain information in order to meet the legal and regulatory verification processes and requirements. The use may vary but could serve different purposes as illustrated in Appendix A.
Information may be transmitted to third parties to the extent necessary for the purposes of the activities mentioned in Appendix A. PHYSIOOUTAOUAIS cannot be held responsible for the behavior and usage undertaken by third parties.
Personal information will not be used or disclosed for other purposes than for specific objectives, unless required by law.
PROTECTION OF YOUR PERSONAL INFORMATION
PHYSIOOUTAOUAIS takes all reasonable precautions and has implemented significant physical and technical measures to prevent unauthorized or illegal use of, and access to, personal information. The measures in place include, among others:
- Use of information only when necessary ;
- Ensure the confidentiality and protection of personal information that someone may have learned in the course of their duties, unless authorized to disclose it by the person concerned ;
- Protection files with selective and limited access to authorized persons ;
- Secure access to offices with locked doors and access codes ;
- Secure shredding of paper files ;
- Two-factor authentication for all platform connections;
- Immediate withdrawal of access following the end of a business relationship.
All individuals are required to contribute to the protection of personal information. If you suspect that sensitive information has been compromised, you must immediately notify a Privacy Officer.
RETENTION PERIOD FOR YOUR PERSONAL INFORMATION
PHYSIOOUTAOUAIS undertakes to comply with the minimum retention periods provided by the category of personal information and applicable laws. However, if the information collected is no longer useful to PHYSIOOUTAOUAIS and its retention is not necessary or mandatory according to different legislative frameworks, it will be destroyed, erased, or converted in such a way as to remain anonymous.
COMMITMENT TO TRANSPARENCY
PHYSIOOUTAOUAIS is committed to being transparent about the processing, procedures, and purposes for which personal information is used with customers, employees, interns and business partners.
ACCESS TO YOUR PERSONAL INFORMATION
A person may request access to his or her personal information and the means by which it was collected. Depending on the content of the person’s file, exceptions may be applicable, such as personal information about a third party, however, the person will be informed. In case of inaccurate information in the file, the person concerned may request its correction.
For any consultation, withdrawal, and/or modification of personal information, please communicate with a Privacy Officer. At any time, you can withdraw your consent to the communication of your personal information. A written request must be submitted to a Privacy Officer. A response will be provided to you within 30 days of receipt. When it is not possible to share the requested information, legal justification and support must be provided to back up the decision to the requester.
COMPLAINTS
A person who believes that their personal information has been collected, retained, used, disclosed, or destroyed in a way that is not in accordance with the provisions of this policy, may file a confidential complaint with a Privacy Officer. The individual must provide their name, contact details, including a phone number, and the subject and grounds for the complaint. It is necessary to provide sufficient details for the complaint to be properly assessed. A response will be provided within 30 days following the date of receipt of the complaint. If the complaint is insufficiently specific, a Privacy Officer may request any additional information deemed necessary to evaluate the complaint. A Privacy Officer will conduct an investigation into the received complaints, minimize any possible damage, and make the necessary corrections.
You may also file a complaint with the Commission for Access to Information. However, PHYSIOOUTAOUAIS encourages concerned individuals to first communicate with a Privacy Officer and wait for the conclusion of the planned management process.
APPROVAL
This policy is approved by Privacy Officers at PHYSIOOUTAOUAIS.
Privacy Officers
|
Luc Campbell 819.246.3357 |
|
Nathalie Blais 819.772.1012 |
|
Isabelle Bond 819.525.1697 |
|
Xavier Seyer 809.669.9747 |
|
Nicolas Turcotte 819.643.3337 |
|
Sandy Saad 819.770.5221 |
|
Philippe Maheu 819.775.9515 |
|
Danny Waddell-Blais 819.770.7575 |
|
Karim Samman 819.557.7775 |
|
Martin Gélinas 819.682.8050 |
For all requests, questions or comments relating to this policy, please contact a Privacy Officer by phone.
Appendix A
Personnes concernées | Catégories des renseignements | Types de renseignements | Fins pour lesquelles les renseignements sont conservés |
---|---|---|---|
Employés | Dotation | Renseignements relatifs au recrutement, comme un curriculum vitae, des renseignements sur le parcours scolaire et professionnelle, des détails concernant les employeurs précédents pour la vérification d’emploi pour un recrutement potentiel. | Gestion interne (évaluation des candidatures) |
Embauche (Employés et stages) | Renseignements relatifs à constituer au dossier employé comme le nom et prénom, les coordonnées, le NAS, la rémunération, les informations bancaires, le contrat de travail ou de stage, les contacts d’urgence, etc. | Gestion interne (fonctionnement de la paie, obligations légales, CNESST, REER, Équité salariale, gestion de la performance, etc.) | |
Clients et fournisseurs | Système de gestion comptable, CRM et gestion de projets | Renseignements relatifs à des services demandés et/ou rendus.
Renseignements relatifs à la facturation et des renseignements financiers, comme une adresse de facturation, de l’information relative à un compte bancaire ou des données de paiement. |
Gestion interne (services informatiques, cybersécurité, facturation, gestion des projets, gestion de la communication, recueille d’informations dans le cadre d’un programme, contrat et, entente de service) |