Protection of personal information policy
This policy aims to ensure the protection of personal information and to define the procedures for collecting, using, disclosing, retaining, destroying and managing information by Prosomo, which includes management, employees, suppliers, etc. Moreover, it aims to inform anyone concerned about how their personal information is processed by Prosomo, whether it be customers, employees, or any other individuals.
Prosomo assumes full responsibility for the protection of personal information under its control. Information collected, used, disclosed, retained, or destroyed is governed by this policy in order to protect the privacy of every individual.
To ensure the optimal protection of personal information, Prosomo’s Privacy Officer shall:
- Oversee and review internal practices and procedures for processing personal information as well as compliance with current laws;
- Suggest measures to ensure ongoing protection of personal information in line with Privacy Impact Assessments;
- Implement necessary measures within the business to ensure the protection of information;
- Ensure staff compliance and training in best practices for protecting personal information.
- Coordinate, investigate, and respond to inquiries and complaints about personal information protection;
- Communicate with the concerned individual(s) and the Access to Information Commission (CAI) in case of a data leak or any incident;
- Keep a record of personal data-related incidents.
The protection of personal information is everyone’s business. No retaliation can be made against an individual who files a complaint about the protection of personal information or participates in a CAI investigation procedure.
COLLECTION OF PERSONAL INFORMATION
Personal information collected allows Prosomo to carry out its functions and activities in accordance with applicable laws and standards. Prosomo collects personal information only when necessary and to serve specific, predefined purposes. Personal information is collected directly from the concerned individual and with their consent unless an exception is provided for by law.
A non-exhaustive list of the information collected and its intended use is provided in Appendix A. The majority of personal information collected pertains to employees in order to meet the business’s legal obligations. Personal information about other individuals may be requested in order to assist employees in case of emergency, for example. It is up to the employees to obtain their consent before providing us with their contact details.
As far as customer information is concerned, data is provided to feed our CRM, contracts, and invoicing, but it is mostly information of a professional or business nature such as email and phone numbers for contact or payment method for rendered services. Payment information is, as often as possible, entered by the customer into the CRM and is masked for the rest of the business employees to ensure confidentiality. For clients who have filled out a form including their credit card or their business or professional bank account number, the data is accessible only to a small number of employees such as administration and owners to process files.
CONSENT AND ACCURACY OF PERSONAL INFORMATION
Prosomo ensures that the collection of personal information is done for justified, clear, and specific reasons and with the free and informed consent of the person. Consent is required for any collection, use, or disclosure of personal information. Before collecting personal information, we will ensure that we obtain your informed consent in a clear and separate written form, providing clear details about the purpose of the collection and how the information will be used. Your consent is essential to ensure the protection of your personal data.
LIMITATION ON THE USE OF PERSONAL INFORMATION
We collect and use your personal information only when necessary and for the purposes for which consent was obtained. Prosomo must provide certain information in order to meet the legal and regulatory verification processes and requirements. The use may vary but could serve different purposes as illustrated in Appendix A.
Information may be transmitted to third parties to the extent necessary for the purposes of the activities mentioned in Appendix A. Prosomo cannot be held responsible for the behavior and usage undertaken by third parties.
Personal information will not be used or disclosed for other purposes than for specific objectives, unless required by law.
PROTECTION OF YOUR PERSONAL INFORMATION
Prosomo takes all reasonable precautions and has implemented significant physical and technical measures to prevent unauthorized or illegal use of, and access to, personal information. The measures in place include, among others:
- Use of information only when necessary ;
- Ensure the confidentiality and protection of personal information that someone may have learned in the course of their duties, unless authorized to disclose it by the person concerned ;
- Protection files with selective and limited access to authorized persons ;
- Secure access to offices with locked doors and access codes ;
- Secure shredding of paper files ;
- Two-factor authentication for all platform connections;
- Immediate withdrawal of access following the end of a business relationship.
All individuals are required to contribute to the protection of personal information. If you suspect that sensitive information has been compromised, you must immediately notify the Privacy Officer.
RETENTION PERIOD FOR YOUR PERSONAL INFORMATION
Prosomo undertakes to comply with the minimum retention periods provided by the category of personal information and applicable laws. However, if the information collected is no longer useful to Prosomo and its retention is not necessary or mandatory according to different legislative frameworks, it will be destroyed, erased, or converted in such a way as to remain anonymous.
COMMITMENT TO TRANSPARENCY
Prosomo is committed to being transparent about the processing, procedures, and purposes for which personal information is used with customers, employees, interns and business partners.
ACCESS TO YOUR PERSONAL INFORMATION
A person may request access to his or her personal information and the means by which it was collected. Depending on the content of the person’s file, exceptions may be applicable, such as personal information about a third party, however, the person will be informed. In case of inaccurate information in the file, the person concerned may request its correction.
For any consultation, withdrawal, and/or modification of personal information, please write to email@example.com. At any time, you can withdraw your consent to the communication of your personal information. A written request must be submitted to the Privacy Officer at firstname.lastname@example.org. A response will be provided to you within 30 days of receipt. When it is not possible to share the requested information, legal justification and support must be provided to back up the decision to the requester.
A person who believes that their personal information has been collected, retained, used, disclosed, or destroyed in a way that is not in accordance with the provisions of this policy, may file a confidential complaint with the Privacy Officer at email@example.com. The individual must provide their name, contact details, including a phone number, and the subject and grounds for the complaint. It is necessary to provide sufficient details for the complaint to be properly assessed. A response will be provided within 30 days following the date of receipt of the complaint. If the complaint is insufficiently specific, the Privacy Officer may request any additional information deemed necessary to evaluate the complaint. The Privacy Officer will conduct an investigation into the received complaints, minimize any possible damage, and make the necessary corrections.
You may also file a complaint with the Commission for Access to Information. However, Prosomo encourages concerned individuals to first communicate with the Privacy Officer and wait for the conclusion of the planned management process.
This policy is approved by the Privacy Officer at Prosomo.
95 Boulevard de la Technologie, Suite 103
Gatineau (Québec) J8Z 3G4
For all requests, questions or comments relating to this policy, please contact the person responsible by email.
Purposes for which information is retained
Recruitment information, such as curriculum vitae, educational and professional background, details of previous employers to verify employment for potential recruitment.
Internal management (resume evaluation)
Information to be included in the employee file, such as first and last name, contact details, SIN, salary, bank details, employment or internship contract, emergency contacts, etc.
Internal management (example : payroll, operations, legal obligations, CNESST, RRSP, pay equity, performance review, etc.)
Customers and suppliers
Accounting, CRM and project management systems
Details of services requested and/or provided.
Billing and financial information, such as a billing address, bank account information or payment details.
Internal management (IT services, cybersecurity, billing, project management, communication, information collection as part of a program, contracts, service agreements, etc.)