Privacy Policy
Procedure for Retention, Destruction, and Anonymization of Personal Information
1. Overview
-
Objective: Protect privacy, comply with laws, prevent breaches, and maintain customer trust.
2. Purpose
-
Ensure the protection of personal information and compliance with legal obligations.
3. Scope
-
Covers the entire lifecycle of data (collection, processing, destruction) for all employees and stakeholders.
4. Definitions
-
Personal Information: Information that can identify an individual.
-
Retention: Secure storage for the required duration.
-
Destruction: Permanent deletion of data.
-
Anonymization: Modifying data so it cannot be identified.
5. Key Procedures
-
Retention Periods: Based on category (employees: 7 years; members and clients: variable).
-
Storage Methods: Secured using digital tools (OneDrive, Wix), restricted access.
-
Data Destruction: Shredding (paper), secure deletion (digital), mandatory documentation.
-
Anonymization: Ensure data cannot be re-identified if retained.
-
Training: Regular awareness sessions for employees on best practices.
Procedure for Access Requests and Complaint Management
1. Access Requests
-
Submit in writing; identity verification required.
-
Respond within 30 days, with precise documentation.
2. Complaint Management
-
Record receipt, investigation, and resolution.
-
Transparent communication with complainants.
Procedure for De-Indexing and Deleting Personal Information
1. Definitions
-
De-indexing: Removing data from search engines.
-
Deletion: Permanent removal of data.
2. Process
-
Receive request, verify identity, evaluate data in question.
-
Communicate decisions and document actions taken.
Procedure for Managing Security Incidents
1. Types of Incidents
-
Ransomware, account hacking, loss or theft of devices.
2. Specific Interventions
-
Disconnect infected devices.
-
Notify appropriate authorities.
-
Reinitialize affected systems.
Legislation and Commitment
-
Compliance with applicable laws, including modifications to Law 25 in Quebec.
-
Regular updates to policies to reflect legal and organizational changes.