THE COMPANY’S COMMITMENT TO THE PROTECTION OF PERSONAL INFORMATION
BACKGROUND

On September 22, 2023, the Act to modernize legislative provisions respecting the protection of personal information (“Bill 25”) came into force. Aimed at promoting transparency and improving the protection of personal information, the main changes to the Act respecting the protection of personal information in the private sector, RLRQ c P-39.1 as amended by Bill 25 (collectively, the “Private Sector Act”) include stricter obligations for businesses, increased accountability and heavier penalties for non-compliance.

Pitou Minou et compagnons Inc. has adopted a policy in compliance with the regulations in force to govern its internal procedures and practices in order to ensure the protection of personal information at all times.

Personal information

Personal information is any information that allows a natural person to be identified, directly or indirectly.

Information concerning the performance of a person’s duties within a company or public body is public information, such as :

Name ;
title
Position;
E-mail address and telephone number.
privacy officer

The Privacy Officer is responsible for :

Receiving and processing requests for access to or correction of personal information;
Managing confidentiality incidents;
Act as interlocutor with the Commission d’accès à l’information;
Chair the Privacy Committee.

Pitou Minou et compagnons Inc has designated the following department as its Privacy Officer:

Administration

Info@pmcglobal.ca

Telephone: 450-319-0336

PRIVACY COMMITTEE

A Privacy Committee has been set up to carry out a Privacy Impact Assessment of any project involving the acquisition, development or redesign of information systems or the electronic delivery of services involving the collection, use, disclosure, retention or destruction of personal information.

all staff members

Employees must collect only the information required for the purposes identified prior to collection. These purposes must be serious and legitimate.

Personal information may not be collected from a third party without the consent of the person concerned or a legal exception.

Once collected, staff members must take care to protect the confidentiality of personal information, in particular by limiting the personal information at the time of collection, the risks of communication, disclosure and use.

At the request of the person concerned, staff members must confirm the existence of personal information and give him or her access to this information, allowing him or her to obtain a copy.

At the request of the person concerned, employees must rectify any personal information that is inaccurate, incomplete or equivocal, or if its collection, communication or retention is not authorized by law.

Staff members may not, without the consent of the person concerned or the authorization of the law, communicate it to third parties or use it for purposes incompatible with those of its constitution.

Staff members must take appropriate measures to ensure the protection of personal information in their possession. Access to premises and computer systems must be limited and controlled.

Staff members must consult the Privacy Officer for any request for access to personal information authorized by law or court order.

Staff members must destroy personal information once the purpose for which it was collected has been fulfilled, or anonymize it in order to use it for serious and legitimate purposes, subject to the conditions and retention period stipulated by law.

MANAGEMENT OF PRIVACY Incidents involving personal information

Staff members must notify the Privacy Officer when there is reason to believe that a privacy incident involving personal information has occurred, so that the measures provided for in the Policy can be applied.