Policy on the protection of personal and confidential information
Introduction
OnCode (hereinafter “OnCode”) cares about respecting your privacy and protecting your personal information.
As part of the use of our services, OnCode may collect and you may communicate personal information.
The purpose of this policy is to explain to users of the services offered by OnCode the following elements:
- The way in which their personal data is collected and processed;
- What are their rights with regard to their data;
- Who is responsible for the processing of personal data collected and processed;
- To whom this data is transmitted;
Applicable laws
As part of the use of our services, OnCode may collect and you may communicate personal information. The collection, use, communication and retention of your personal information are subject to the Act respecting the protection of personal information in the private sector. (RLRQ, c. P-39.1).
At the same time, the personal information of a European resident will be processed in accordance with the General Data Protection Regulation (GDPR) of the European Union.
Personal information
Personal information is any information which concerns a natural person and which allows that person to be directly or indirectly identified. This includes, but is not limited to, name, contact and billing information,the information you enter when you create a profile to subscribe to one of our services, your lifestyle or your health.
However, will not be considered as personal information that which concerns the exercise by the person concerned of a function within a company, such as his name, his title and his function, as well as the address, the email address and workplace telephone number.
Nour commitment
We have established and implemented internal policies and procedures aimed at adequately protecting the personal information in our possession regardless of its medium and form. We review them on a regular basis.
We make our employees aware of the importance of protecting personal information by requiring them to receive training on this subject and by occasionally issuing directives highlighting their role and obligations in this regard.
Objectives of information collection
As part of our functions, we collect your personal and confidential information only to enable us to provide you with the requested services in an adequate and personalized manner. In all cases, the communication of your personal and confidential information will be subject to obligations to maintain confidentiality and compliance with applicable laws.
Consent
Subject to the exceptions and requirements of applicable laws, we will not share or disclose your personal information to any other third parties without your consent. By using our services, you consent to the collection, use and disclosure of your personal and confidential information in accordance with this policy. The form of consent may vary depending on the context or service requested.
You may withdraw your consent at any time, subject to certain legal or contractual restrictions.
In certain special circumstances, we may collect, use or disclose personal information without your knowledge or consent. Such circumstances arise, among others, when, for legal, medical or security reasons, it is impossible or unlikely to obtain your consent or when the information is necessary for the purpose of investigating a possible breach of contract , to prevent or detect fraud or to enforce the law.
Before disclosing personal information about another person to us, you must obtain that person’s consent to the disclosure and processing of that personal information under the terms of this policy.
Limits on collection, use and disclosure
Use
We may use the personal information collected, among other things, for the following purposes :
- To provide the requested service;
- To confirm your identity and respond to your requests for information;
- To provide any other additional service associated with the requested service;
- To meet the requirements of laws and regulations;
Disclosure
We may disclose your personal information to any of our employees, professional advisors, suppliers, or contractors or affiliates insofar as reasonably necessary to provide the requested services and for the purposes set out in this policy.
Generally, we do not disclose your personal information. From time to time we may communicate your personal information to certain suppliers or agents in order to provide the services you have requested from us. In all cases, we comply with the restrictions and requirements provided by law when we disclose your personal information.
Your personal information will not be disclosed to third parties other than in accordance with this Privacy Policy, except as required or authorized by law, or as ordered by a court of competent jurisdiction.
We do not sell your personal information to third parties.
International data transfers
The information we collect may be stored, processed and transferred in any country in which OnCode or its subcontractors provide services, to enable us to use the information in accordance with this policy.
The information we collect may be transferred to or processed in Canada, Tunisia and the United States of America.
Personal information that you post on our website or submit for publication may be available, via the Internet, worldwide. We cannot prevent the use, good or bad, of this information by third parties.
You expressly agree to the transfer of personal information described in this section.
Non-personal information
We automatically collect certain non-personal information using third-party analytics programs such as Google Analytics to help us understand how our visitors use our web services, but none of this information identifies you.
Retention of information
When your personal information is no longer required, it is destroyed in accordance with the law and our records retention policy. We may, in certain circumstances, anonymize the personal information we maintain.
Your personal and confidential information is kept, directly or through subcontractors, only for the duration necessary for the purposes of the services requested and the applicable legal and regulatory requirements. We require our subcontractors to subscribe to confidentiality commitments and apply policies equivalent to this one. In all cases, access to your personal and confidential information is restricted to persons for whom access is required in the exercise of their functions.
Responsibility
We are responsible for the personal information that we have in our possession or that is in our custody, including information that we entrust to third parties for the purposes of providing you with the service requested. We require these third parties to maintain this information under strict confidentiality and security standards.
We adhere to the principles set out by law. We have implemented policies and guidelines that ensure your privacy is protected. The personal information protection manager supervises this personal information protection policy as well as the company’s various frameworks.
Our staff is informed and adequately trained on policies and practices regarding the protection of personal information.
Security measures
We have implemented several security measures with respect to the personal information and confidential data we hold in order to protect it against loss, theft and to prevent access, transmission, use or modification. unauthorized access to this personal information, in particular by the following subsections:
Secure computing environments
The infrastructure and equipment are hosted in a secure environment in a data center located in Quebec, Canada. In cases where it is impossible to host a solution or service in Quebec, we ensure that security measures equivalent to or superior to those required by this Policy are put in place.
Access to OnCode web services is via a transmission channel secured by an SSL certificate (HTTPS).
Access management
Only employees whose tasks require it have access to personal or confidential information.
Destruction
OnCode ensures physical and technological security for the personal information it retains in order to prevent accidental destruction, loss and disclosure as well as inappropriate destruction.
We retain your personal information for as long as necessary for the purposes for which it was collected. We must destroy or anonymize this information in accordance with the law and our retention schedule. When we destroy or anonymize your personal information, we take necessary measures to ensure its confidentiality and ensure that no unauthorized person can access it during the destruction or anonymization process.
Management of incidents involving personal information
If OnCode has reason to believe that a confidentiality incident involving personal information has occurred and that there is a risk that serious harm will be caused by the incident, OnCode will promptly notify the Commission of access to information as well as any person whose personal information is affected by the incident. It may also notify any person or organization likely to reduce this risk, by communicating only the personal information necessary for this purpose without the consent of the person concerned. In all cases, a log will document the incident for reference purposes.
User rights
Request for access, removal or correction
You may, subject to any regulatory or contractual restrictions, view, correct or destroy the personal information we hold about you via this form.
We will send you such information within a maximum period of 30 days from the date of receipt of the written request and in a structured and commonly used technological format. However, fees may be charged to process your request.
You can check the accuracy and completeness of your personal information and, if necessary, request modification. Any request for modification will be processed within the framework of the law.
Data portability
The user has the right to request the portability of his personal data, held by OnCode, to another site.
Requests, complaints and questions
We are committed to answering your questions and concerns regarding the protection of your personal information. If you are not satisfied with the response, you can contact the Privacy Officer at the above address.
Contact details
Any request or complaint regarding the protection of personal information must be sent to the Personal Information Protection Officer at the address below :
Responsible for the protection of personal information
Patricio Ponce
OnCode
6830 Park Ave
Montreal, QC
H3N 1W7
(514) 447-2576