POLICIES AND PRACTICES SURROUNDING THE GOVERNANCE OF PERSONAL INFORMATION

Seccan is committed to protecting all personal information collected and used in the management of its activities.

Purpose: This policy aims to establish measures to protect our organization’s confidential information, by ensuring its confidentiality, integrity and availability. It defines employees’ responsibilities and the security measures required to prevent any unauthorized disclosure or misuse of confidential information.

Scope: This policy applies to all employees, subcontractors, consultants, customers/clients, candidates and volunteers of the organization, as well as to any third party with access to the organization’s confidential information.

PERSONAL INFORMATION

Personal information is defined as any information or combination of information that relates to a physical person and allows that person to be identifiable.

However, an individual’s name and professional contact information, such as title, address, telephone number and e-mail address, are not personal information.

Personal information must be protected regardless of the medium in which it is held or its form: written, graphic, audio, visual, computerized or other.

CONSENT

When we obtain information about you, we first ask for your written consent to collect, use or disclose your collected information for the identified purposes. We will seek your consent for any other use, disclosure or collection of your personal information or when the purposes for which your information was collected change.

Our company is committed to using the information provided solely for the purposes it was collected, and to keeping it for the length of time necessary to provide the service requested.

We may, however, collect, use or disclose personal information without your consent where permitted or required by law. In certain limited circumstances, we may collect, use or disclose personal information without your knowledge or consent. Such circumstances arise when, for legal, medical or security reasons, it is impossible or unlikely to obtain your consent, or when the information is required to investigate a possible breach of contract, to prevent or detect fraud, or to enforce the law.

LIMITS ON COLLECTION, USE AND DISCLOSURE OF PERSONAL INFORMATION

The purposes for which information is collected are generally to confirm an individual’s identity, create a customer file, or comply with legal requirements.

We limit the collection, use, and disclosure of your personal information only to the purposes we have informed you about. Your personal information can only be accessed by authorized individuals, and only as part of the tasks assigned to them.

INFORMATION RETENTION

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected. We must destroy this information in accordance with the law and our records retention policy. When we destroy your personal information, we take the necessary steps to ensure its confidentiality and that no unauthorized individual has access to it during the destruction process.

ACCURACY

Personal information must be as accurate, complete and up-to-date as is necessary for the purposes for which it is to be used.

Personal information that is used on an ongoing basis, including personal information that may be disclosed to third parties, will generally be accurate and up-to-date unless clear limits regarding the accuracy of this information are established

The degree of accuracy, how it is updated, and completeness of your personal information will depend on the data you enter on the consent form.

You may change your personal information at any time by contacting us.

RESPONSABILITY

We are responsible for personal information in our possession or under our control, including information we entrust to third parties for processing. We require these third parties to maintain this information in accordance with strict confidentiality and security standards.

Our Privacy Team oversees this Privacy Policy and related processes and procedures to protect your personal information.

Our staff is informed and properly trained on our privacy policies and practices.

SAFETY MEASURES

We have implemented and continue to develop rigorous security measures to ensure that your personal information remains strictly confidential and is protected against loss or theft, as well as unauthorized access, disclosure, copying, use or modification.

These security measures include organizational measures such as restricting access to what is necessary; backing up and archiving data using an external system, etc.); and technological measures such as the use of passwords and encryption (e.g., frequent password changes and the use of firewalls).

ACCESS TO PERSONAL INFORMATION

Only authorized personnel may access your personal information. The company ensures that these people are qualified to access this information and that access is necessary for the performance of their duties.

REQUEST FOR ACCESS TO INFORMATION AND MODIFICATIONS

You have the right to access your personal information at any time by making a request to our privacy team.

You may verify the accuracy and completeness of your personal information and, if necessary, request that it be de-indexed or amended. All requests related to your information will be processed within 30 days.

QUESTIONS AND APPROVAL

This policy is approved by the SECCAN Inc. privacy team, whose business coordinates are as follows.

Address: 1570 Rue Ampère Suite 406, Boucherville, Quebec J4B 7L4

For all requests, questions or comments regarding this policy, please contact the Privacy Team

E-mail : confidentialite@seccan.com