Protection of personal information policy

PRIVACY POLICY

The primary objective of this policy is to ensure the preservation of the confidentiality of personal data, while establishing clear guidelines for the collection, use, disclosure, retention, deletion and management of information by Ax-One. This includes all stakeholders, including management, employees, suppliers and others. In addition, this policy is intended to inform all data subjects about how Ax-One handles their personal data, whether they are customers, employees, or other individuals.

RESPONSIBILITY

Ax-One assumes full responsibility for the preservation of personal data under its control. Information collected, used, communicated, retained or disposed of is subject to the guidelines of this policy with the aim of preserving the privacy of all persons concerned.

In order to guarantee optimum protection of personal data, Ax-One’s Data Protection Officer must:

  1. Regularly monitor and evaluate internal personal data processing practices and procedures, as well as compliance with applicable laws.
  2. Propose measures to maintain ongoing protection of personal data, in accordance with Privacy Impact Assessments.
  3. Implement the necessary actions within the company to ensure data security.
  4. Ensure compliance and provide training to staff on best practices in personal data protection.
  5. Coordinate, investigate and respond to requests and complaints relating to the protection of personal data.
  6. Communicate with data subjects and the Commission d’accès à l’information (CAI) in the event of a data breach or incident.
  7. Maintain a register of confidentiality incidents and, at the request of the Commission d’accès à l’information (CAI), send it a copy

 

The protection of personal data is everyone’s business. No retaliatory measures may be taken against a person filing a complaint relating to the protection of personal data or participating in an investigation conducted by the CAI.

COLLECTION OF PERSONAL DATA

Personal information is collected to facilitate Ax-One’s operations and to ensure compliance with applicable laws and standards. Ax-One collects personal information only when it is necessary for specific and clearly defined purposes. In principle, personal data is collected directly from the person concerned, with his/her consent, unless the law provides for an exception.

Please refer to Appendix A for a non-exhaustive list of data collected and the purposes for which it is used. The majority of personal information collected concerns employees, in order to meet the company’s legal obligations. In certain emergency situations, the communication of personal information to other individuals may be requested to assist employees. It is the responsibility of employees to obtain the prior consent of these individuals before providing us with their contact information.

With regard to customer information, certain data is collected to feed our CRM, manage contracts and invoicing. This mainly concerns professional or company-related information, such as e-mail address and telephone number for contact purposes, as well as payment information for services provided. Payment information is generally entered by the customer into the CRM and is hidden from the rest of the company, guaranteeing confidentiality. In cases where customers provide sensitive information such as credit card or business bank account numbers, only a few employees, such as members of the administration and owners, have access to this data for the purposes of processing files.

CONSENT AND ACCURACY OF PERSONAL INFORMATION

Ax-One guarantees that the collection of personal data is undertaken for legitimate, transparent and specific reasons, with the free and informed consent of the person concerned. Consent is required prior to any collection, use or disclosure of personal data. Before collecting any personal information, we undertake to obtain your informed consent explicitly and in writing. We will provide you with clear information about the purpose of the collection and how the information will be used. Your consent plays an essential role in protecting your personal data.

LIMITS ON THE USE OF PERSONAL INFORMATION

We collect and use your personal data only when necessary and in accordance with the purposes for which you have given your consent. Ax-One must provide certain information in order to comply with legal and regulatory verification processes and obligations. The use of this information may vary, as detailed in Appendix A.

Information may be shared with third parties to the extent necessary to achieve the specific purposes described in Appendix A. It is important to note that Ax-One cannot be held responsible for the behavior and use of data by these third parties.

We undertake not to use or disclose your personal data for purposes other than those specifically defined, unless required by law.

PROTECTION OF YOUR PERSONAL INFORMATION

Ax-One takes all reasonable steps and has implemented extensive physical and technical measures to prevent unauthorized or unlawful use of and access to personal data. These measures include, but are not limited to:

– Using personal data only when necessary.

– Ensuring the confidentiality and protection of personal data that may have come to the knowledge of a person in the course of his or her duties, except with the express authorization of the person concerned.

– Secure files, with access restricted to authorized persons only.

– Protecting premises with locks and access codes.

– Secure shredding of paper documents.

– Double authentication for all platform connections.

– Immediate withdrawal of access upon termination of a business relationship.

Everyone is required to contribute to the protection of personal data. If you suspect that sensitive data has been compromised, you must immediately report the incident to the Data Protection Officer.

HOW LONG WE KEEP YOUR PERSONAL INFORMATION

Ax-One undertakes to comply with the minimum retention periods stipulated according to the nature of the personal data and the regulations in force. However, if the information collected is no longer relevant to Ax-One and its retention is neither necessary nor mandatory under the various legal provisions, it will be deleted, erased or made anonymous to preserve its confidential nature.

COMMITMENT TO TRANSPARENCY

Ax-One is committed to ensuring full transparency regarding the processing, procedures and purposes of use of personal data for its customers, employees, trainees and business partners.

ACCESS TO YOUR PERSONAL INFORMATION

An individual has the right to request access to his or her own personal data as well as information on how it was collected. Certain exceptions may apply depending on the content of the file, particularly if it contains personal information about other individuals, but the person concerned will be informed of these exceptions. If inaccurate information appears in the file, the person concerned may request that it be corrected.

For any consultation, withdrawal or modification of personal data, please contact our Data Protection Officer at the following e-mail address: info@ax-one.ca. You also have the right to withdraw your consent to the communication of your personal data at any time. To do so, please submit a written request to our Data Protection Officer at info@ax-one.ca. You will receive a reply within 30 days of receipt of your request. If we are unable to provide the requested information, legal justification and support will be provided to explain the decision to the requester.

COMPLAINTS

Anyone who believes that their personal data has been collected, stored, used, disclosed or destroyed in breach of the provisions of this policy may lodge a confidential complaint with our Data Protection Officer at the following e-mail address: info@ax-one.ca. In order for the complaint to be dealt with appropriately, the individual must provide his or her name, contact details, including a telephone number, as well as the subject and grounds of the complaint. Sufficient details must be provided to enable a proper assessment of the complaint. You will receive a response within 30 days of receipt of the complaint. If the complaint lacks precision, the Data Protection Officer may request additional information to assess the complaint. The Data Protection Officer will investigate complaints received, take steps to minimize harm and make any necessary corrections.

It is also possible to file a complaint with the Commission d’accès à l’information du Québec. However, we encourage those concerned to first contact our Data Protection Officer and await the conclusion of the planned internal handling process.

APPROVAL

This policy has been approved by Ax-One’s Data Protection Officer.

Data Protection Officer :

160 blv de l’hopital, Gatneau, suite 502, J8T8J1

info@ax-one.ca 

For any request, question or comment regarding this policy, please contact the person responsible by e-mail at info@ax-one.ca

APPENDIX A

Persons concerned

Information types

Purposes for which information is kept

Employees, subcontractors, coaches/consultants/trainers

Employee file information, such as first and last name, contact details, SIN, remuneration, bank details.

Recruitment information, such as resume, educational and professional background, details of previous employers for employment verification for potential recruitment.

Internal management (payroll operations, legal obligations, CNESST, RRSPs, pay equity, performance management) Information concerning their company and tax numbers.

Customers/suppliers

Personal and professional information. Last name, first name, financial details, health, family, psychological and behavioral problems and difficulties, goals and objectives.

Internal management, file follow-up. Evaluation of issues and performance.

Internal management (IT services, cybersecurity, billing, project management, communication management, information gathering as part of a program, contracts and service agreements.