Protection of Personal Information
Summary of Policies and Practices of Nucleom inc.
Nucleom Inc. (the “Company”) recognizes the importance of protecting personal information and is concerned about how it handles such information.
It therefore undertakes to collect, use, communicate and retain only such personal information as is necessary for the performance of its activities and in the course of its business.
The Company has adopted a policy on the protection of personal information, applies it in the course of its business, and has designated, in accordance with the Act Respecting the Protection of Personal Information in the Private Sector (the « LPRPSP ») a person responsible for the protection of personal information and privacy within the Company. The identity and contact details of this person are listed at the end of this section.
When and how personal information is collected?
In the normal course of its activities and in the course of its business and provision of services, the Company collects certain personal information necessary for these purposes or for any other compatible purpose if the criteria of PHIPA and other applicable laws and regulations regarding the protection of personal information are met (collectively, the “Act”). Personal information may also be collected by the Company in the context of employment, customer knowledge, collection, consultation and business relations.
The personal information collected by the Company may in particular relate to the identity, contact details, health, social or family situation, employment, recruitment, financial information, training or education of the individuals concerned, depending on the nature of the relationship between the latter and the Company. Identity documents containing personal information may also be collected by the Company. The criterion of necessity guides the collection of personal information by the Company.
The Company ensures that the persons concerned by the personal information collected consent to and are informed of this collection before it takes place. The Company also demonstrates transparency and takes steps to ensure that the persons concerned by the personal information collected understand the purposes of such collection.
Unless an exception is provided for in the Act, consent must be free, clear, precise, manifest, informed and presented in a distinctive manner if it is given in writing. If sensitive information is collected by the Company, the persons concerned shall give their express consent beforehand.
It is possible that the Company may collect personal information using technology that includes functions that make it possible to identify, locate or profile an individual. In such cases, consent in accordance with the Act will be requested from the person concerned. Information on the use of the Company’s website and other technical information or information on the interaction of the website visitor may be collected. A privacy policy is available to provide clear and simple information in this regard as well as regarding any collection of personal information via technological means.
In cases where personal information collected by the Company is communicated to it by a third party, i.e., a person other than the person to whom the information relates, the person making the communication must ensure that he or she has obtained the consent of the person concerned and has notified him or her of the communication beforehand.
How personal information is used?
The personal information collected by the Company is used to provide its services and, in some cases, to meet legal obligations arising from the Act. The personal information collected by the Company may also be required to enable it to meet its contractual obligations towards its customers and other third parties.
When personal information may be disclosed by the Company?
The Company may communicate the personal information it holds to third parties, in particular to companies that act as subcontractors for the Company or as service providers. In some cases, these third parties may be located outside the province of Quebec, so the personal information that the Company collects and holds may be located in a jurisdiction with a different applicable legal regime than that of Quebec.
The contracts that the Company enters into with third parties require them to maintain the confidentiality of personal information and stipulate, in particular, that they must comply with the legal framework applicable to the Company with regard to the protection of personal information and privacy.
Subject to an exception provided for in the Act, consent will be sought from the persons concerned by the personal information if the Company were to communicate to third parties personal information that is not related to its current operations and activities or that is not compatible with the purposes for which it was collected.
The Company may also disclose certain personal information it holds as part of a commercial transaction or in other cases provided for in the Act. If the circumstances of the communication mean that the Company does not have to seek the consent of the persons concerned by the personal information, it will comply with the requirements of the Act to proceed with such communication.
The Company may also be required to communicate certain personal information it holds to government authorities or bodies responsible for applying the law.
What security measures does the Company take with regard to the personal information it holds?
The Company implements policies and practices governing corporate governance and the protection of personal information.
Personal information held by the Company is kept in secure locations, in accordance with generally accepted practices, and access to this information is limited to those employees who need to have access to it in the course of their duties.
The Company’s employees are made aware of the importance of protecting personal information and of the measures to be taken to ensure that this information is kept confidential. As part of their duties, employees follow procedures that protect the confidentiality of personal information and promote best practices in this area.
The Company ensures that personal information is protected as soon as it is collected and implements security measures to protect it against use that does not comply with applicable legislation, accidental loss, unauthorized modification, disclosure or access, misuse or any illegal form of use. However, the Company cannot guarantee that the personal information it collects is protected against any breach.
Where the personal information collected by the Company is kept?
The Company’s personal information may be held or transferred outside the province of Québec, including to countries other than Canada, whose rules regarding the protection of personal information differ from those of Québec and Canada. When information is located outside Québec or Canada, it is subject to the laws of the country where it is located and its collection, communication, use and destruction may be carried out differently from provincial or federal requirements.
How long is personal information kept?
Unless authorized or required by applicable law, the Company retains personal information only as long as necessary to achieve the purposes for which it was collected, including for the purposes of satisfying ethical, legal, tax, accounting or notification requirements to the appropriate government authorities. At the end of the retention period, personal information is destroyed, deleted or made anonymous. Anonymised information no longer irreversibly identifies the person concerned.
In the event of a confidentiality incident involving personal information, the Company follows the provisions of the Act in force and takes reasonable measures to mitigate the risks of harm being caused to the persons concerned by the personal information affected by the incident.
Confidentiality Complaint
An individual who believes that his or her own personal information or that of another individual has been the subject of:
- Access not authorised by law;
- Use not authorised by law;
- A communication not authorised by law;
- Loss or any other breach of the protections provided by the Act
is invited to submit its complaint in writing to the Privacy Officer identified below.
The complaint must include the relevant details, i.e. the personal information concerned, the context, the potential or actual harm suffered or that could be suffered, and the relevant dates. The details of the reported incident should be described as accurately as possible, so that action can be taken quickly.
Any employee who receives a complaint knows that it must be forwarded to the Privacy Officer as soon as it is received.
As soon as a complaint is received, the Company follows its Internal Complaints Handling Procedure, in order to deal with the complaint fairly.
Person responsible for the protection of personal information
If you have any questions or comments regarding the way in which the Company handles personal information during its life cycle within the Company or if you wish to exercise your rights under the Act respecting the protection of personal information, you may contact the person responsible for the protection of personal information at the Company:
Ms. Carol-Anne Lindsay-Tremblay
Nucleom inc.
3405, rue Pierre-Ardouin
Québec (Québec) G1P 0B3
Confidentiality Policy at Nucleom inc.
Nucleom inc. hereinafter « the Company » is committed to protecting your personal information. We recognize and appreciate the trust you place in us, and we are committed to protecting the confidentiality and security of data collected from visitors to our Web site, all in accordance with the Act respecting the protection of personal information in the private sector and other applicable laws and regulations on the protection of personal information (collectively, the “Act“), including information relating to the identity, health, social or family situation, employment, financial information, training or education of the individuals concerned (hereinafter: « Personal Information »)
ARTICLE 1 – PERSONAL INFORMATION COLLECTED
When you browse our website, the Company may collect certain personal information about you. In general, we only collect such personal information when you provide it to us directly and on a voluntary basis. We also collect it, as the case may be, through e-mails received by our customer service department, through forms completed online via our website, and through cookies, as described below.
For the purposes of this Privacy Policy, “personal information” means any information about an identifiable individual, as defined from time to time in applicable privacy legislation. Such personal information may include:
- Your name and address;
- Your telephone number, postal address, e-mail address or other personal details;
- Bank details, credit card numbers or other billing information;
- The personal data you provide to us as a customer;
- Details of your visits to our website or other information collected by means of cookies and other tracking technologies;
- Technical data, such as the Internet Protocol address (IP address) of your computer, which enables us to obtain more details about the browser and operating system you are using;
- Information relating to recruitment, including curriculum vitae, details of education and previous professional experience;
- Information you may provide to us in connection with registration for and participation in training workshops, symposia, conferences, meetings or other events;
- Information relating to marketing and your communication preferences; and
- Any other personal data you may provide to us.
ARTICLE 2 – USE OF PERSONAL INFORMATION
The Company collects, uses and communicates personal information about its customers and suppliers in connection with the provision of its services. We collect, use and communicate your personal information in particular for the following purposes:
- Establish and maintain relationships with our customers, suppliers and other partners;
- Provide professional advice and services, fulfil our professional obligations and avoid conflicts of interest;
- Communicate personal information to third parties and receive personal information from them in order to provide professional services;
- Assess whether it is appropriate for the Company to establish business relationships with potential customers or suppliers, in particular for the purpose of assessing their solvency;
- Issue invoices, monitor invoicing, collect amounts owed to us and, if necessary, take legal action in connection with such collection;
- Establish, maintain or terminate an employment or contractual relationship;
- Analyse the needs and preferences of our customers, suppliers and third parties and communicate with them in this regard, in particular by means of surveys or evaluations;
- Develop, improve, market, sell or provide the Company’s services;
- Distribute our newsletters and other informative communications, as well as information about training workshops, symposia, conferences, meetings and other events;
- Collect, use and disclose your personal information as permitted by and in compliance with legal or regulatory requirements or provisions; and
- Collect, use and disclose your personal information for any other purposes to which you consent.
Our employees who require access to personal information in the course of their duties and depending on the circumstances also have access to personal information that is necessary for this purpose. These include customer service and sales support employees, human resources, accounting or finance employees who need access to employment-related information.
ARTICLE 3 – CONSENT
How do you obtain my consent?
If we ask you to provide us with your personal information for any reason, for example for marketing purposes, we will ask you directly for your explicit consent and give you the opportunity to refuse.
How can I withdraw my consent?
We offer you the option to unsubscribe or withdraw your consent to future communications in respect of any marketing communications sent to you. If, after having given us your consent, you change your mind and no longer consent to our contacting you, collecting your information or disclosing it, you may notify us by contacting us at info@nucleom.ca or by mail at the following address Nucleom inc, 3405, Pierre-Ardouin, Quebec, Quebec, Canada, G1P 0B3.
ARTICLE 4 – DISCLOSURE
We will not disclose, trade or sell your personal information to anyone unless you have expressly authorized us to do so or unless we are required to do so by law or by a court order.
ARTICLE 5 – SECURITY MEASURES
Unless authorized or required by applicable law, we retain your personal information only as long as necessary to fulfill the purposes for which it was collected, including fulfilling any legal, accounting or government notification requirements.
Once the intended use has been completed, your personal information is destroyed, deleted or anonymised, unless we are required by law to retain it. Anonymised information no longer allows you to be identified.
We also put in place rigorous security mechanisms to protect your personal information against loss or theft and against unauthorized access, disclosure, copying, use or modification, including locked filing cabinets and secure servers.
Subcontractors with access to personal information in our custody or control are made aware of this policy and other applicable policies and processes to ensure the security and protection of personal information. All subcontractors will be required to agree to comply with all policies, processes and laws prior to commencing their engagement with us.
ARTICLE 6 – LINKS PROVIDED BY THIRD PARTIES
You may leave our website by clicking on certain links contained on our site. If you visit third-party websites from such a link, we recommend that you read their privacy policies carefully before submitting personal data to them. The Company assumes no responsibility for the privacy practices of such other sites and recommends that you read their privacy policies carefully.
ARTICLE 7 – SECURITY
To protect your personal data, we take reasonable precautions and follow industry best practice to ensure that it is not lost, misappropriated, accessed, disclosed, altered or destroyed inappropriately.
The Company ensures that the personal information it collects is as accurate, complete and up-to-date as necessary for the purposes for which it is to be used. You have the right to request access to the personal information we have collected about you and to ask for it to be corrected if necessary. You may send such a request or any question or complaint concerning this policy or the Company’s practices with regard to the protection of personal information to our Privacy Officer by e-mail at clindsay@nucleom.ca.
ARTICLE 8 – COOKIES
Cookies are small data files that are transferred to your computer’s hard drive by a website. They save your preferences so that your subsequent visits to the website run more efficiently. Cookies help us identify you and may be necessary to provide you with the products and services you request. Cookies may record a variety of information, including the number of times you visit the website, your purchase history, your registration information and the number of times you visit a page or other area of the website. The use of cookies is common practice on most major websites to improve customer service. We may use cookies to track your preferences and activities on the nucleom.ca website.
Most browsers are designed to accept cookies but can easily be modified to block them; your browser’s help files contain information on blocking cookies, detecting cookies sent to you and disabling cookies. However, if you choose not to accept cookies from our website, you may not be able to take full advantage of their functionality.
ARTICLE 9 – CHANGES TO THIS PRIVACY POLICY
We reserve the right to modify or supplement this confidentiality policy at any time. We therefore invite you to consult it periodically. Changes and clarifications will take effect immediately upon publication on the website. If we make any changes to the content of this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it.
ARTICLE 10 – QUESTIONS AND CONTACT DETAILS
If you wish to correct, amend, delete or access any personal information we have about you, make a complaint, or if you simply want more information, contact our Privacy Standards Officer at ● [email address].