We Respect Your Privacy
Policies & Personal data
Privacy Policy
Governance Policy
Serpone Group is committed to protecting all personal information collected and used in the management of its activities.
OBJECTIVES OF INFORMATION COLLECTION
Our personal information protection policy outlines the standards for collecting, using, disclosing, and retaining your personal information. It also explains how we protect your personal information and your right to access it.
PERSONAL INFORMATION
Personal information is defined as any information or combination of information that relates to a natural person and allows them to be identified (such as financial situation details, social insurance number, driver's license, and health insurance number). However, an individual's name, as well as their professional contact information, including their title, address, phone number, and professional email address, are not considered personal information.
Personal information must be protected regardless of its medium or form: written, graphic, audio, visual, computerized, or otherwise.
CONSENT
When we obtain information about you, we first request your written consent for the collection, use, or disclosure of your information for the stated purposes. We will seek your consent for any other use, disclosure, or collection of your personal information, or if the purposes for which your information was collected change.
Our company commits to using the information provided solely for the purposes for which it was collected and to retaining it only for the duration necessary to fulfill the requested service.
However, we may collect, use, or disclose this information without your consent when permitted or required by law. In certain specific circumstances, we may collect, use, or disclose personal information without your knowledge or consent. Such circumstances arise when, for legal, medical, or security reasons, it is impossible or unlikely to obtain your consent, or when the information is necessary to conduct an investigation into a possible breach of contract, to prevent or detect fraud, or to enforce the law.
LIMITATIONS ON THE COLLECTION, USE, AND DISCLOSURE OF PERSONAL INFORMATION
The purposes for which information is collected generally include confirming an individual's identity, creating an employee file, and complying with legal requirements (such as certain information required for tax purposes).
We limit the collection, use, and disclosure of your personal information strictly to the purposes we have communicated to you. Your personal information can only be accessed by authorized individuals, and solely within the scope of their assigned duties.
PERSONAL DATA RETENTION
We retain your personal data only for the period necessary to fulfill the purposes for which it was collected. We are obligated to destroy this information in compliance with legal requirements and our record retention policy. When destroying your personal data, we implement all necessary measures to ensure its confidentiality and prevent unauthorized access during the destruction process.
ACCURACY
Personal data must be accurate, complete, and current to meet the purposes for which it is collected.
Personal data used on an ongoing basis, including data that may be shared with third parties, will generally be accurate and up-to-date, unless specific limitations regarding its accuracy are clearly defined.
We do not routinely update personal data unless it is essential to fulfill the purposes for which it was collected.
The accuracy, currency, and completeness of your personal data will depend on the information you provide when completing the consent to collection form.
ACCOUNTABILITY
We are accountable for the personal data we hold or control, including any data entrusted to third parties for processing. We mandate that these third parties adhere to stringent confidentiality and security standards for this data.
Our Personal Data Protection Officer oversees this privacy policy, its associated processes, and the procedures implemented to safeguard personal data.
Our staff members are informed and appropriately trained on our personal data protection policies and practices.
SECURITY MEASURES
We have implemented and continuously develop robust security measures to ensure your personal data remains strictly confidential and is protected against loss, theft, and any unauthorized access, disclosure, copying, use, or modification.
These security measures include organizational safeguards, such as restricting access to only what is necessary, and backing up and archiving data using an external system. They also include technological measures like the use of passwords and encryption (e.g., frequent password changes and the use of firewalls).
ACCESS TO PERSONAL DATA
Only authorized personnel are permitted to access your personal data. The company ensures that these individuals are qualified to access such information and that their access is essential for the performance of their duties.
REQUESTS FOR ACCESS AND AMENDMENTS TO PERSONAL DATA
You have the right to know if we hold any personal data about you and to access that information. You also have the right to inquire about how this data was collected, used, and to whom it was disclosed.
We will provide you with this information within a reasonable timeframe, calculated from the date we receive your written request. Please note that reasonable fees may apply for processing your request.
Under certain specific circumstances, we may decline to provide the requested information. Exceptions to your right of access include cases where the information pertains to other individuals, cannot be disclosed due to legal, security, or copyright reasons, was obtained during a fraud investigation, can only be retrieved at prohibitive costs, or is subject to litigation or legal privilege.
If we hold medical information about you, we may decline to disclose it directly and instead request that it be sent to a healthcare professional you designate, who will then communicate it to you.
You may verify the accuracy and completeness of your personal data and, if necessary, request amendments. Any request for amendment will be processed within a reasonable timeframe.
All requests for access to or amendment of personal data can be sent to the address below:
PERSONAL DATA PROTECTION OFFICER
Johanne Serpone
COMPLAINTS AND QUESTIONS
You can contact the Privacy Officer at the address mentioned above.
Any complaint regarding the protection of personal information must be directed to the Privacy Officer at the address provided above.
We will investigate all complaints. If a complaint is deemed valid, we will take appropriate measures, including, if necessary, modifying our policies and practices.
TRAINING AND AWARENESS
The company promotes best practices and respect for transparency and personal information protection rights in various ways:
• It informs all its team members (consent form);
• It displays the name and contact information of the person responsible for personal information protection;
• It employs various awareness-raising methods, including:
Information sessions on personal information protection, reminders during team meetings, staff training, an action plan for personal information protection, a logbook, etc.
APPLICATION
If, for any reason, you believe that the Company has not adhered to these principles, please notify us by contacting our Privacy Officer. We will then take the necessary steps to identify and correct the issue within a reasonable timeframe. Please mention 'Privacy Protection' in the subject line.
POLICY UPDATE
This policy must be reviewed every three years. It will also need to be updated in the event of any substantial changes to legislation or regulatory requirements.
Updated: March 16, 2023