Home / Privacy Policy
The main purpose of this policy is to ensure the confidentiality of personal data, while establishing clear guidelines for the collection, use, disclosure, retention, deletion, and management of information by Ax-One. This includes all stakeholders, including management, employees, suppliers, and others. In addition, this policy is intended to inform anyone concerned about how Ax-One handles their personal data, whether they are clients, employees, or other individuals.
RESPONSIBILITY
Ax-One fully assumes responsibility for safeguarding the personal data under its control. Information collected, used, disclosed, retained, or destroyed is subject to the guidelines of this policy in order to protect the privacy of all individuals concerned.
To ensure optimal protection of personal data, Ax-One’s Data Protection Officer must:
Protecting personal data is everyone’s responsibility. No retaliatory measures may be taken against a person who files a complaint regarding the protection of personal data or participates in an investigation conducted by the CAI.
COLLECTION OF PERSONAL DATA
The collection of personal information is used to facilitate Ax-One’s operations and ensure compliance with applicable laws and standards. Ax-One collects personal information only when it is necessary for specific purposes that are clearly defined in advance. As a rule, personal data is collected directly from the individual concerned, with their consent, unless the law provides an exception.
Please refer to Appendix A for a non-exhaustive list of the information collected and the purposes for which it is used. Most of the personal information collected relates to employees, in order to meet the company’s legal obligations. In certain emergency situations, the disclosure of personal information to other individuals may be requested to assist employees. Employees are responsible for obtaining prior consent from these individuals before providing us with their contact details.
With respect to client information, certain data is collected to feed our CRM and to manage contracts and billing. This is mainly professional or business-related information, such as the email address and phone number used to contact them, as well as payment information for the services provided. Payment information is generally entered by the client in the CRM and is masked for the rest of the company’s members, thereby ensuring its confidentiality. If clients provide sensitive information such as credit card numbers or professional bank account numbers, only a few employees—such as administration team members and owners—have access to this data for file processing purposes.
CONSENT AND ACCURACY OF PERSONAL INFORMATION
Ax-One ensures that the collection of personal data is carried out for legitimate, transparent, and specific reasons, and with the free and informed consent of the individual concerned. Consent is required prior to any collection, use, or disclosure of personal data. Before collecting personal information, we undertake to obtain your informed consent explicitly and in writing. We will provide clear information regarding the purpose of the collection and how the information will be used. Your consent plays an essential role in protecting your personal data.
LIMITATION ON THE USE OF PERSONAL INFORMATION
We collect and use your personal data only when necessary and in accordance with the purposes for which you gave your consent. Ax-One must provide certain information in order to comply with verification processes and legal and regulatory obligations. The use of this information may vary, as illustrated in detail in Appendix A.
Information may be shared with third parties to the extent necessary to achieve the specific purposes described in Appendix A. It is important to note that Ax-One cannot be held responsible for the conduct and use of data by these third parties.
We undertake not to use or disclose your personal data for purposes other than those specifically defined, unless required by law.
PROTECTING YOUR PERSONAL INFORMATION
Ax-One takes all reasonable measures and has implemented significant physical and technical safeguards to prevent unauthorized or unlawful use of, or access to, personal data. These measures include, in particular:
– Using personal data only when necessary.
– Ensuring the confidentiality and protection of personal data that a person may become aware of in the course of their duties, unless expressly authorized by the individual concerned.
– Securing files with access limited to authorized persons only.
– Protecting premises with locks and access codes.
– Secure shredding of paper documents.
– Implementing two-factor authentication for all platform logins.
– Immediately removing access following the end of a business relationship.
Everyone is required to contribute to the protection of personal data. If there is any suspicion that sensitive data has been compromised, it is imperative to immediately report the incident to the person responsible for personal data protection.
RETENTION PERIOD FOR YOUR PERSONAL INFORMATION
Ax-One undertakes to comply with the minimum retention periods provided for, depending on the nature of the personal data and applicable regulations. However, if the information collected is no longer relevant to Ax-One and its retention is neither necessary nor required under various legal provisions, it will be deleted, erased, or anonymized to preserve its confidential nature.
COMMITMENT TO TRANSPARENCY
Ax-One undertakes to ensure full transparency regarding the processing, procedures, and purposes for using personal data for its clients, employees, interns, and business partners.
ACCESS TO YOUR PERSONAL INFORMATION
A person has the right to request access to their own personal data as well as information on how it was collected. Certain exceptions may apply depending on the contents of the file, in particular if it contains personal information about other individuals, but the person concerned will be informed of these exceptions. If inaccurate information appears in the file, the person may request that it be corrected.
For any consultation, withdrawal, or modification of personal data, please contact our Data Protection Officer at the following email address: in**@****ne.ca. You also have the right to withdraw your consent at any time for the disclosure of your personal data. To do so, please submit a written request to our Data Protection Officer at in**@****ne.ca. You will receive a response within 30 days of receipt of your request. If it is impossible to provide the requested information, a legal justification and support will be provided to explain the decision to the requester.
FILE A COMPLAINT
Any person who believes that their personal data has been collected, retained, used, disclosed, or destroyed in violation of this policy may file a confidential complaint with our Data Protection Officer at the following email address: in**@****ne.ca. For the complaint to be handled properly, the individual must provide their name, contact details, including a phone number, as well as the subject and reasons for the complaint. Sufficient details must be provided to allow an appropriate assessment of the complaint. You will receive a response within 30 days of receipt of the complaint. If the complaint lacks precision, the Data Protection Officer may request additional information to assess the complaint. The officer will conduct an investigation into the complaints received, take measures to minimize harm, and make the necessary corrections.
It is also possible to file a complaint with the Commission d’accès à l’information du Québec. However, we encourage individuals concerned to first contact our Data Protection Officer and wait for the conclusion of the internal handling process provided for.
APPROVAL
This policy is approved by Ax-One’s Data Protection Officer.
Person responsible for the protection of personal information:
160, boul. de l’Hôpital, Suite 502, Gatineau, Quebec, J8T 8J1
in**@****ne.ca
For any request, question, or comment regarding this policy, please contact the person responsible by email.
APPENDIX A
Individuals concerned | Types of information | Purposes for which the information is retained |
Employees, subcontractors, coaches/consultants/trainers | Information to be included in the employee file, such as first and last name, contact details, SIN, compensation, and banking information. Recruitment-related information, such as a résumé, information on educational and professional background, and details about previous employers for employment verification for potential recruitment. | Internal management (payroll operations, legal obligations, CNESST, RRSP, pay equity, performance management). Information regarding their business number and tax numbers. |
Clients/suppliers | Information relating to privacy and professional life. First and last name, financial details, health, family, psychological and behavioral issues and difficulties, purpose and objectives. | Internal management, file follow-up. Assessment of issues and performance. Internal management (IT services, cybersecurity, billing, project management, communications management, information gathering as part of a program, contract and service agreement. |
Privacy policy