Last revised: October 24, 2023.
Rampes et Balcons is committed to safeguarding the personal information it holds. Personal information is confidential, except as required by law. Anyone with access to personal information held by the Rampes et Balcons must take the necessary steps to ensure its protection and confidentiality. This policy and its related procedures outline the measures to be taken to reduce the risks of a confidentiality breach, determine its handling when necessary, and prevent similar incidents from occurring in the future.
1.INFORMATION COLLECTION BASED ON BUSINESS RELATIONSHIP AND SERVICES RENDERED NEEDS.
In the context of the services provided to its clients or for marketing purposes, the Rampes et Balcons collects certain information, which may include personal data. This information can be obtained through the voluntary disclosure of individuals during our communications or through technological applications (forms, emails, applications, or others). This information is used to sell products, provide services, or make offers.
By providing this information to the Rampes et Balcons or by using the technological means on our website, social networks, or any applications or services offered by the Rampes et Balcons, you consent to the collection and use of this information.
The Rampes et Balcons strives (and only if required for our activities) to exchange or transmit this information to reliable partners for whom we have ensured that they apply satisfactory security and confidentiality measures. To the extent possible, all information is stored on servers in Quebec or at least within Canada.
Every individual has the right to obtain details of the information held about them and to request corrections if necessary.
2.INFORMATION RETENTION AND DESTRUCTION
On request, any individual can obtain details about the methods of storing their personal information, including who has access to it, its usage, and the duration of retention before the information is destroyed.
3.CONFIDENTIALITY INCIDENT AND PROCEDURE
The following procedure outlines the steps to be taken when the Rampes et Balcons has reasonable grounds to believe that a confidentiality incident has occurred (or if such an incident is confirmed) involving personal information it holds, in accordance with the Private Sector Privacy Act, Chapter P-39.1, and the Privacy Incident Regulations.
4.DEFINITIONS
Here are the definitions to be considered for the application of this procedure, which may be supplemented by any other regulations, policies, directives, or procedures referencing them:
Confidentiality Incident: Unauthorized access, use, or disclosure of personal information as prohibited by law, as well as its loss or any other form of breach of its protection.
Here are some examples:
Personal Information: Any information concerning an individual that allows for their identification. A person’s name, in isolation, is not considered personal information. However, when this name is associated or linked with another piece of information pertaining to the same individual, it then becomes personal information.
Here are some examples of personal information:
Sensitive Personal Information: Personal information is considered sensitive when, by its nature, especially when it’s medical, biometric, or otherwise intimate, or due to the context of its use or disclosure, it gives rise to a high degree of reasonable privacy expectations.
This may include, for example, medical, biometric, genetic, or financial information, as well as information about ethnic origin, political beliefs, life or sexual orientation, or religious convictions.
5.PERSONAL INFORMATION PROTECTION
The Rampes et Balcons implements appropriate and reasonable security measures to protect personal information against loss or theft, as well as against unauthorized access, disclosure, copying, use, or alteration as prohibited by law. Only staff members who absolutely need access to personal information in the course of their duties are authorized to access it.
Staff members of the Rampes et Balcons or those working on its behalf must:
6.CONFIDENTIALITY INCIDENT REPORTING
Anyone to whom the Rampes et Balcons discloses personal information (colleagues, suppliers, partners, experts, including subcontractors) must report an incident of confidentiality if they have reasonable grounds to believe that a confidentiality incident involving personal information held by the Rampes et Balcons has occurred. To do so, this report must be made without delay to the person responsible for the protection of personal information.
A staff member of the Rampes et Balcons who has reasonable grounds to believe that a confidentiality incident involving personal information held by the Rampes et Balcons has occurred must also notify their immediate supervisor.
Any serious incident involving a large number of individuals or sensitive information that could cause significant harm must be reported to the Commission d’accès à l’information (Access to Information Commission) as soon as it becomes known.à
7.PERSON RESPONSIBLE FOR PERSONAL INFORMATION: ROLES AND RESPONSIBILITIES
The individual responsible for the protection of personal information for the Rampes et Balcons can be reached at the following contact information:
Their role includes:
In the event of a confidentiality incident, the person responsible for the protection of personal information takes charge of managing the incident and collaborates with any other relevant individuals depending on the nature of the incident.
In this capacity, :
8.INCIDENT LOG FOR CONFIDENTIALITY INCIDENTS
Rampes et Balcons is required to maintain a record of confidentiality incidents.
8.1 Retention Period for Information in the Register
The information contained in the register must be kept up to date and retained for the longer of the two following periods: for a minimum of five years from the date Rampes et Balcons became aware of the incident or the period required by any government agency or applicable law and regulation.
9.COMPLAINTS REGISTER AND THEIR HANDLING
Rampes et Balcons is required to maintain a complaints register and record the handling of complaints.
9.1 Retention Period for Information in the Register
The information contained in the register must be kept up to date and retained for the longer of the two following periods: for a minimum of five years from the date Rampes et Balcons became aware of the incident or the period required by any government agency or applicable law and regulation.
10.EFFECTIVE DATE
This policy and its procedures come into effect on September 22, 2023.
11.CONTACT US
If you have any questions about our privacy policy, want to exercise your rights as outlined above, file a complaint, or update your personal information, please contact our person responsible for personal information protection in the following way:
By email: info@rampesetbalcons.com
By mail: Rampes et Balcons, Attn: Person Responsible for the Personal Information Protection Policy, 775 Côte Saint-Gabriel Est St-Sauveur, Quebec J0R 1R7. We will make our best efforts to process your request promptly.