Privacy policy for employees, subcontractors, and directors
PRIVACY POLICY FOR EMPLOYEES, SUBCONTRACTORS, AND DIRECTORS
This Privacy Policy describes our policies and procedures regarding the collection, use, retention, and disclosure of the personal information of the Company’s employees and subcontractors.
Privacy Officer
The Company’s Privacy Officer is Philippe Martineau, Director of Finance and Administration, duly designated by Patrice Allibert, the Company’s Chief Executive Officer.
Collection and use of personal information
The personal information collected from employees, subcontractors, and directors is limited to the information necessary for the Company to fulfill its tax, regulatory, or other legal obligations.
Personal information that may be collected:
- Email address
- First and last name
- Phone number
- Home address, province, postal code, city
- Work address, province, postal code, city
- Date of birth
- Social Insurance Number (SIN)
- Banking information
- Pay and conditions of employment
- Copy of a piece of ID
Use of personal information
Personal information is used solely to allow the Company to fulfill its legal obligations, in particular:
- Payment of wages
- Production of tax forms
- Financial audits by revenue agencies
- Employment-related communications
- Criminal record and employment reference checks
- Declarations to the Registraire des entreprises (REQ), Corporations Canada, and other government services
Retention of personal information
Personal information will be retained for as long as is necessary to comply with our obligations, including tax, regulatory, or other legal requirements. If the Company considers it important to hold information, such as information on wages, for longer than is necessary to meet its legal obligations, that information will be scrubbed of any unnecessary information (address, SIN, bank details, etc.).
Personal information will only be kept in our storage systems, either in a cloud service or on our servers. No personal information will be stored on paper. Access controls are in place to restrict access to personal information to authorized personnel only, i.e., those who need the information in order to perform their duties.
Sharing of personal information
- With service providers: We may share personal information with certain service providers where necessary, including but not limited to payroll service providers, insurers and insurance brokers, auditors, bankers, and tax or legal service providers. No information will be shared unless it is strictly necessary for the provision of services.
- For business transfers: We may share or transfer personal information in connection with, or during the negotiation of, any merger, sale of Company assets, financing, or acquisition of all or part of the Company by another company.
- With affiliates: We may share personal information with our affiliates, in which case we will require such affiliates to comply with this privacy policy. The term “affiliates” includes our parent company and any other subsidiaries, joint venture partners, or other companies that we control or that are under joint control with us.
- Compliance bodies: We may share personal information with governmental, paragovernmental, or other regulatory bodies where necessary to fulfill our regulatory obligations.
- Law enforcement: In certain circumstances, the Company may be required to disclose personal information if required to do so by law or in response to valid requests from public authorities (for example, a court or government agency).
- With your consent: For purposes other than those listed above, we will obtain your consent before sharing your personal information.
Destruction of personal information
Personal information will be destroyed when it is no longer needed for the purposes for which it was collected, or when the retention requirements provided for by law have ended.
The Privacy Officer will destroy the information whether it is in the form of emails, notes, documents in the Company’s storage systems, entries in the payroll system, or any other form. Should the Privacy Officer be unable to destroy the information themselves, they will take reasonable steps to ensure that another member of staff with access to the information destroys it.
Complaints
The Company understands that, despite its best efforts, real or perceived privacy incidents may give rise to complaints. Complaints relating to privacy incidents will be dealt with promptly and diligently.
- The complaint will be made to the Privacy Officer. If the complaint is sent to an employee or manager instead, that person will forward it to the Privacy Officer, who will contact the complainant to gather the necessary information.
- The Privacy Officer will examine the complaint to determine whether a privacy incident has occurred or whether the complaint involves a legitimate use of personal information.
- If the complaint is unfounded, the Privacy Officer will contact the complainant to explain that the use of their personal information is legitimate and in compliance with this policy. If the complaint is found to be justified, the Company will address it by following its privacy incident action plan.
- Once each step of the action plan has been duly completed, the Privacy Officer will contact the complainant to inform them:
- That the complaint has been recorded in the Company’s privacy incident log
- That the incident was reported to the Commission d’accès à l’information du Québec
- Of the measures taken to address the breach and mitigate its impact on the complainant
- Of the measures taken to minimize the likelihood of a similar privacy incident occurring in the future
Changes to this privacy policy
We may update our privacy policy from time to time. We will notify you of any changes by posting the new privacy policy on our website and by any other means of communication deemed appropriate.