OBJECTIVES OF THE POLICY
GLM/GLCS is committed to protecting the confidentiality of personal information about its customers or employees that is collected, held, used or disclosed for legitimate purposes, by implementing prevention and control measures in accordance with the legal standards in force.
This policy is intended to inform all persons concerned with the protection of personal information held by GLM/GLCS.
Employees must read it, understand it, and apply it.
What is personal information. Information that reveals something about a natural person and allows that person to be identified.
What is not personal information. Under the applicable Act respecting Access to documents held by public bodies and the Protection of personal information, information of a public nature, including work-related information, is not considered personal information. This includes, but is not limited to, name, title and function, work address, email address and work telephone number.
The Employer. GLM/GLCS commits to:
- Designate a person responsible for the protection of personal information and make it public.
- Establish policies and practices regarding the governance and protection of personal information.
- Draft and communicate procedures for receiving and dealing with complaints and questions.
- Communicate and train staff on this policy.
Managers (resource persons). All managers and supervisors in each department monitor compliance with this policy and take care to report to the Privacy Officer any potential risk or non-compliance regarding the protection of personal information. The IT Director is responsible for developing and implementing specific confidentiality procedures.
The Employees. All staff should report any situation that could jeopardize their privacy or that of a colleague or client, as well as any concerns about this policy and its application. Employees authorized to have access to the personal information of customers or other employees must protect it. Any situation of non-compliance must be communicated to the director of the employee's department as soon as possible.
Privacy Officer. The functions of the person named below as Privacy Officer will include ensuring compliance with and implementation of the Privacy Act and responding to any questions or complaints regarding the handling of personal information. These functions will be exercised independently while remaining within the framework of the law in force. The Privacy Officer has the necessary resources, namely, human, financial and technical, to facilitate successful GLM/GLCS compliance. It could, at some point, provide for the appointment of relevant substitutes in the event of absence. A notice of delegation will be issued accordingly.
Privacy Officer:
365, rue St-Jean, Suite 103, Longueuil (Quebec) J4H 2X7
Email: [email protected]
Phone: 450-465-0441, Ext. 8224
COLLECTION, HOLDING, USE, DISCLOSURE AND CONSENT ABOUT PERSONAL INFORMATION
Collection and Limiting Collection
- For the purposes of transparency and individual access, GLM/GLCS has clear knowledge of the purposes and means of collecting personal information in the context of its commercial transactions. The reasons for this collection are confirmed as serious and legitimate and only serve the purpose of the file.
- Persons who collect personal information must be able to communicate to the persons concerned the purposes for which information is collected, in simple and clear terms.
- Personal information must be collected from the data subject or from third parties if the data subject consents or as permitted by law. Consent must be manifest, free and informed and given for specific purposes.
Holding (security measures)
- GLM/GLCS has implemented reasonable security measures to protect the information collected, used, disclosed, stored or destroyed.
- The reasonable security measures adopted by GLM/GLCS take into account the sensitivity, purpose, quantity, distribution and medium of personal information.
- Employees who, by virtue of their specific functions, need access to personal information held by GLM/GLCS must read, understand and sign the document “Commitment on compliance with confidentiality and the protection of personal information”.
Use and Disclosure
- The use of personal information collected by GLM/GLCS must remain confidential and relevant to the purpose. Likewise, the information must be kept up to date and accurate at the time it is used to make a decision about the data subject.
- Consent will be requested from the person concerned if their personal information must be communicated by GLM/GLCS to third parties, except as provided by law. Consent must be manifest, free, informed and given for specific purposes.
- The framework for employees having access to personal information is described in point 4.2 (paragraph 3).
STORAGE, DESTRUCTION AND ANONYMIZATION OF PERSONAL INFORMATION
- The retention of personal information held by GLM/GLCS will be done according to the legal deadline or the retention schedule established for this purpose by government regulation.
- The definitive destruction of personal information (once the purpose of its collection is accomplished), or its anonymization for use for serious and legitimate purposes, will be carried out in a secure manner, by a method that depends on the type of medium (state of presentation) and the level of confidentiality of the personal information in question.
RIGHT OF ACCESS AND CORRECTION OF PERSONAL INFORMATION
- Anyone about whom GLM/GLCS holds personal information may request access to it by writing to the person who holds their file.
- If the person concerned finds personal information to be inaccurate, incomplete, or ambiguous, they may request its correction or rectification by writing to the person who holds their file.
- The request must contain sufficient information to enable GLM/GLCS to identify the personal information and determine the appropriateness of its disclosure, either directly to the person concerned or to an authorized third party (unless otherwise provided by law).
- The written response to any request for access to personal information and rectification received by GLM/GLCS will be made within 30 days of the date of receipt, as established by law.
- Access to personal information is in principle free of charge. However, reasonable fees may be charged for the transcription, reproduction or transmission of documents.
MANAGEMENT OF PRIVACY (SECURITY) INCIDENTS OF PERSONAL INFORMATION
- A Confidentiality (Security) Incident involving personal information may occur when it puts the privacy of an organization’s customers, employees or business partners at risk.
- It occurs when personal information is used for a purpose other than its intended purpose, including:
  - When it is collected.
  - When it is lost or stolen.
  - When it is communicated or consulted without authorization.
Measures to take
GLM/GLCS must act quickly to:
- Identify the causes of the Incident.
- Stop the leak.
- Assess the risk in order to determine whether it poses serious harm to the persons concerned, while considering the sensitivity of the personal information in question, the context of the incident, the harmful use, the probability of recovery of the personal information, the limitation measures, and its future malicious use.
- Inform the persons concerned and the Commission d’accès à l’information du Québec (CAI) if the Incident presents a risk of serious harm.
- Take the reasonable measures necessary to reduce the risk of harm to the persons concerned.
- Prevent such an incident from happening again.
Privacy Incident Log
- GLM/GLCS shall keep a record of Privacy Incidents.
- This policy will be subject to frequent reviews to ensure the effectiveness of the actions, approaches and/or processes established by GLM/GLCS. The most recent version will be available on this site.