Personal Information Protection Policy - English Translation
Businesses must establish policies and practices to comply with obligations regarding confidentiality and protection of personal information they collect.
This policy is established in accordance with the Quebec Act respecting the protection of personal information in the private sector (CQLR c. P-39.1).
It governs how personal information is collected, used, disclosed, stored, protected, and destroyed.
Personal information refers to any information concerning a natural person that allows that person to be identified directly or indirectly.
Examples include name, age, home address, personal email address, IP address, marital status, financial information, SIN, banking information, tax returns, insurance contracts, medical records, and family information.
A designated person is responsible for enforcing this policy and ensuring compliance with applicable privacy laws.
This person is also responsible for training staff and handling requests for access, correction, or complaints relating to personal information.
The Commission d'accès à l'information du Québec oversees compliance with the private sector privacy legislation.
Before collecting personal information, individuals must be informed of the purposes of collection, the methods used, their rights of access and correction, and their right to withdraw consent.
The firm collects only the personal information necessary to fulfill its mandate and only with valid consent unless otherwise permitted by law.
Information may include identity information, health information, insurance records, financial information, employment information, communications with the firm, and other information required by law.
Personal information is used only for the purposes for which it was collected and may be shared internally or with partners when necessary to perform services.
Personal information is generally stored in Quebec or Canada and may be held in digital or paper formats with appropriate safeguards.
Security measures may include restricted physical access, encryption, multi-factor authentication, firewalls, access logs, and staff training.
Information is retained only as long as necessary to fulfill its purpose and comply with legal obligations.
Client files in the insurance sector are typically retained for at least five years after closure.
When the retention period expires, personal information is securely destroyed.
Individuals have the right to access their personal information, correct inaccuracies, withdraw consent, or request deletion subject to legal obligations.