Personal Information Protection Policy
The primary objective of this policy is to ensure the protection of personal information while establishing clear guidelines for the collection, use, disclosure, retention, destruction, and management of data within PROSOAKI. This applies to all stakeholders, including management, employees, suppliers, etc. In addition, this policy aims to inform any concerned person, whether customers, employees or other individuals, about how PROSOAKI processes their personal information.
Responsibility
PROSOAKI assumes full responsibility for the protection of personal information under its control. Information collected, used, disclosed, retained, or destroyed is governed by this policy for the primary purpose of preserving each individual’s privacy.
To ensure the optimal protection of personal information, the Privacy Officer at PROSOAKI shall:
- Oversee and review internal practices and procedures for processing personal information as well as compliance with current laws;
- Suggest measures to ensure the ongoing protection of personal information in line with Privacy Impact Assessments;
- Implement necessary measures within the business to ensure the protection of information;
- Ensure staff compliance and training in best practices for protecting personal information.
- Coordinate, investigate, and respond to requests and complaints relating to personal information protection;
- Communicate with the concerned individual(s) and the Commission d’accès à l’information (CAI) in the event of a data leak or any incident;
- Keep a record of incidents related to personal data.
The protection of personal information is everyone’s responsibility. No retaliation may be taken against an individual who files a complaint regarding the protection of personal information or who participates in a CAI investigation process.
Collection of personal information
The personal information collected enables PROSOAKI to perform its functions and conduct its activities in accordance with applicable laws and standards. PROSOAKI collects personal information only when necessary and for specific, predefined purposes. Personal information is collected directly from the concerned individual and with their consent, unless an exception is provided for by law.
A non-exhaustive list of the information collected and its intended use is provided in Appendix A. The majority of personal information collected pertains to employees in order to meet the business’s legal obligations. Personal information about other individuals may be requested in order to assist employees in case of emergency, for example. It is the responsibility of employees to obtain their consent before providing us with their contact details.
As far as customer information is concerned, data is supplied to feed our files, management software, contracts and invoicing. We attach the utmost importance to the confidentiality and security of our customers’ data. All information collected, whether contact details or other personal information, is treated with the utmost rigor and in compliance with current laws and regulations on the protection of personal information. Our team is committed to implementing robust security measures to prevent unauthorized access, as well as regularly training our staff on best practices in data confidentiality. We regard the protection of our customers’ personal information as a fundamental responsibility to ensure their well-being and their trust in our services.
Consent and accuracy of personal information
PROSOAKI ensures that the collection of personal information is done for justified, clear, and specific reasons and with the free and informed consent of the person. Consent is required for any collection, use, or disclosure of personal information. Before collecting personal information, we will ensure that we obtain your informed consent in a clear and separate written form, providing clear details about the purpose of the collection and how the information will be used. Your consent is essential to ensure the protection of your personal data.
Limitation on the use of personal information
We collect and use your personal information only when necessary and for the purposes for which consent was obtained. PROSOAKI must provide certain information in order to meet legal and regulatory verification processes and requirements. The use may vary but could serve different purposes as illustrated in Appendix A.
Information may be transmitted to third parties to the extent necessary for the purposes of the activities mentioned in Appendix A. PROSOAKI cannot be held responsible for the behavior and usage undertaken by third parties.
Personal information will not be used or disclosed for purposes other than the specific objectives for which it was collected, unless required by law.
Protection of your personal information
PROSOAKI takes all reasonable precautions and has implemented significant physical and technical measures to prevent unauthorized or illegal use of, and access to, personal information. The measures in place include, among others:
- Use of information only when necessary;
- Ensuring the confidentiality and protection of personal information that a person may have become aware of in the course of their duties, unless authorized by the person concerned to disclose it;
- Protecting files with selective and limited access for authorized persons only;
- Securing access to offices with locked doors and access codes;
- Secure shredding of paper files;
- Two-factor authentication for all platform connections;
- Immediate withdrawal of access following the end of a business relationship.
All individuals are required to contribute to the protection of personal information. If you suspect that sensitive information has been compromised, you must immediately notify the Privacy Officer.
Retention period for your personal information
PROSOAKI undertakes to comply with the minimum retention periods provided for each category of personal information and applicable laws. However, if the information collected is no longer useful to PROSOAKI and its retention is not necessary or mandatory according to the various legislative frameworks, it will be destroyed, erased, or converted in such a way as to remain anonymous.
Commitment to transparency
PROSOAKI is committed to being transparent about the processing, procedures and purposes for which personal information is used with customers, employees, interns, and business partners.
Access to your personal information
An individual may request access to their personal information and to the means by which it was collected. Depending on the content of the person’s file, exceptions may apply, such as personal information about a third party; however, the person will be informed. In case of inaccurate information in the file, the person concerned may request its correction.
For any consultation, withdrawal, and/or modification of personal information, you may write to support@prosoaki.com. At any time, you may withdraw your consent to the communication of your personal information. A written request must be submitted to the Privacy Officer at support@prosoaki.com. A response will be provided within 30 days following the date of receipt. When it is not possible to share the requested information, legal justification and supporting information must be provided to back up the decision to the requester.
Complaints
A person who believes that their personal information has been collected, retained, used, disclosed, or destroyed in a way that is not in accordance with the provisions of this policy may file a confidential complaint with the Privacy Officer at support@prosoaki.com. The individual must provide their name, contact details, including a phone number, as well as the subject and reasons for the complaint. It is necessary to provide sufficient detail for the complaint to be properly assessed. A response will be provided within 30 days following the date of receipt of the complaint. If the complaint is insufficiently specific, the Privacy Officer may request any additional information deemed necessary to evaluate the complaint. The Privacy Officer will conduct an investigation into the complaints received, minimize any potential damage and make the necessary corrections.
You may also file a complaint with the Commission d’accès à l’information du Québec. However, PROSOAKI encourages concerned individuals to first communicate with the Privacy Officer and wait for the conclusion of the planned management process.
Approval
This policy is approved by the Privacy Officer at PROSOAKI.
Privacy Officer
Head of Data Management
95 boul. de la technologie, Suite 103,
Gatineau, QC, J8Z3G4
support@prosoaki.com
For all requests, questions or comments relating to this policy, please contact the Privacy Officer by email.
Appendix A
| Concerned individuals | Information categories | Information types | Purposes for which information is retained |
|---|---|---|---|
| Employees | Recruitment | Recruitment information, such as curriculum vitae, educational and professional background, details of previous employers to verify employment for potential recruitment. |
Internal management (evaluation of applications) |
| Staffing | Information to be included in the employee file, such as first and last name, contact details, SIN, salary, bank details, employment or internship contract, emergency contacts, etc. |
Internal management (e.g. payroll, operations, legal obligations, CNESST, RRSP, pay equity, performance review, etc.) |
|
| Customers and suppliers | Accounting, CRM and project management systems |
Details of services requested and/or provided. Billing and financial information, |
Internal management (IT services, cybersecurity, billing, project management, communication, information collection as part of a program, contracts, service agreements, etc.) |