Your Data Privacy, Our Priority: A Transparent Policy for Your Peace of Mind
Policies and Practices Governing the Management of Personal Information (November 2024) Acxcom Agency Inc. (hereinafter “THE COMPANY”) is governed by the Act Respecting the Protection of Personal Information in the Private Sector (CQLR, c. P-39.1) (the Act).
Terms of Use for THE COMPANY’s Website
Our website is provided as a service to visitors. THE COMPANY reserves the right to modify, add, or remove content on this website at any time and for any reason, without prior notice.
Privacy Notice
Emails sent may contain personal and/or confidential information. If you receive a communication by mistake that is not intended for you, please notify the sender and delete the communication without sharing its content or retaining a copy. Browsing data is non-personal information as it does not identify an individual. All our business partners, without exception, are legally required to adhere to recognized principles regarding privacy protection.
IP Address
During your visit to our website, our servers may collect your device’s IP address (computer, mobile device, tablet, etc.) and the name of your internet service provider. By using our website, browsing our social media or specialized applications, you consent to our use of the navigation data collected. Cookies Some information is collected when you visit our website through cookies. These cookies are stored directly on your device’s hard drive by an HTTPS server. These files do not contain any personal information; they are simply unique numbers that identify you during your visits to facilitate the loading of previously visited pages and provide content that may interest you, all to offer you an optimal experience.
Google Analytics
THE COMPANY uses the Google Analytics tool to collect data on the browsing activities of its website visitors, including, but not limited to, source, time spent on our website, and pages viewed. Pixels THE COMPANY or one of its partners may use “tracking pixels” to collect data related to its website users, including demographic data or browsing behaviors.
Personal Information
Personal information is data that relates to an individual and can directly or indirectly identify them. Written documents, images, videos, and sound recordings can contain personal information. As part of its professional activities, THE COMPANY may collect personal information such as name, home address, date of birth, identification document information, etc.
Consent
THE COMPANY collects, uses, and discloses personal information with the consent of the individual concerned. For consent to be valid, it must be clear, free, informed, and given for specific purposes. The person providing their personal information is presumed to consent to its use and disclosure for the purposes for which it was collected. Anyone may withdraw their consent to the collection, use, and disclosure of their personal information by THE COMPANY at any time. If the collection is necessary for the conclusion or execution of a contract by THE COMPANY, withdrawal of consent may prevent THE COMPANY from fulfilling a service request.
Responsibility
THE COMPANY is responsible for protecting the personal information it holds as part of its activities. To this end, THE COMPANY has adopted a privacy policy and related governance policies and practices aimed at overseeing the collection, use, disclosure, retention, and destruction of personal information.
Collection of Personal Information
THE COMPANY only collects personal information necessary for conducting its activities. For example, information may be collected to complete a transaction, maintain records, or for any other purpose identified by THE COMPANY and communicated to the person giving consent. THE COMPANY encourages its staff to explain in clear and simple terms to the individual concerned the reasons for collecting personal information and to ensure their understanding. THE COMPANY may also collect personal information verbally during correspondence related to a transaction or through various documents submitted in the context of completing a transaction (e.g., ID, financial documents, powers of attorney).
Use and Disclosure of Personal Information
Personal information is used and disclosed for the purposes for which it was collected, with the consent of the individual concerned. In certain cases provided for by law, personal information may be used for other purposes, such as detecting and preventing fraud or providing a service to the individual. THE COMPANY may be required to disclose personal information to third parties, including suppliers, contractors, subcontractors, agents, insurers, professionals, or outside Quebec. THE COMPANY may disclose personal information to a third party without the individual’s consent if it is necessary to fulfill a mandate or service contract. In this case, THE COMPANY establishes a written mandate or contract specifying the measures the agent must take to protect the personal information entrusted to them, ensuring it is used only for the mandate or contract and destroyed afterward. The contractor must also cooperate with THE COMPANY in the event of a breach of confidentiality. Before disclosing personal information outside Quebec, THE COMPANY considers its sensitivity, the intended use, and the protection measures available outside Quebec. THE COMPANY will only disclose personal information outside Quebec if its analysis demonstrates that it will receive adequate protection in the destination location.
Security Measures
When collecting, using, storing, and destroying personal information, THE COMPANY implements necessary security measures to protect confidentiality. Specific measures include:
**Access Control**: Only authorized personnel have access to data for specific tasks.
**Staff Training**: Regular training on data management best practices and information security.
**Audits and Monitoring**: Regular audits to ensure compliance with security policies.
**Regular Security Updates**: Software and systems are regularly updated to address potential security vulnerabilities.
**Firewalls and Antivirus**: Installation and maintenance of firewalls and antivirus software.
**Backup Protocols**: Regular, secure data backups stored in a secure location.
**Incident Response Plan**: An action plan in place for data breaches or other security incidents.
**Secure Archiving**: Data is securely archived when no longer needed by brokers, accessible only to authorized internal personnel with a password.
**Risk Assessment**: Regular risk assessments to identify and mitigate potential vulnerabilities.
**Transparency and Consent**: Individuals are informed of how their data is used and stored, and informed consent is obtained.
Confidentiality Incident
A confidentiality incident refers to unauthorized access, use, or disclosure of personal information as defined by law, or the loss or any other compromise of personal information. THE COMPANY has established a protocol for managing confidentiality incidents, identifying personnel assisting the Personal Information Protection Officer, and outlining specific actions to be taken in such cases. This protocol includes the responsibilities at each step of incident management, including measures to secure data.
Roles and Responsibilities
1. THE COMPANY:
- Ensures confidentiality through good information management practices, providing guidelines, training, and instructions to staff for the collection, use, storage, modification, consultation, communication, and permitted destruction of personal information.
- Implements adequate protective measures to reduce the risk of confidentiality incidents, such as IT security, updating personal information policies, and staff training.
- Uses standardized methods for classifying documents containing personal information.
- Employs standardized methods for storing documents containing personal information, including digitalization procedures.
- Manages physical and IT access to personal information based on its sensitivity.
- Conducts secure archiving of personal information, with clear instructions for staff on secure archiving methods, retention periods, etc.
2. Personal Information Protection Officer: As required by law, THE COMPANY has appointed a Personal Information Protection Officer responsible for ensuring compliance with these policies and applicable regulations. Their name and contact details are listed in the “Right of Access, Withdrawal, and Rectification” section. The officer manages confidentiality incidents and performs actions required by law. They also handle access and rectification requests for personal information and complaints regarding THE COMPANY’s handling of personal data. The officer is consulted on privacy impact assessments for any project involving the collection, use, disclosure, retention, archiving, or destruction of personal information.
3. Staff Members: Staff members of THE COMPANY may only access personal information when necessary for performing their duties. Staff members:
- Ensure the integrity and confidentiality of personal information held by THE COMPANY.
- Comply with all policies and guidelines regarding access, collection, use, disclosure, archiving, destruction of personal information, and information security.
- Adhere to security measures at their workstation and on any equipment containing personal information.
- Use only authorized equipment and software provided by THE COMPANY.
- Ensure secure archiving of personal information as instructed and immediately report any known or suspected breach of data security to their supervisor.
Right of Access, Withdrawal, and Rectification
An individual (or their authorized representative) may request access to their personal information held by THE COMPANY. They may withdraw consent for the collection, use, and disclosure of their personal information at any time, recorded in writing. An individual may request corrections to personal information they believe is inaccurate, incomplete, or ambiguous. THE COMPANY may refuse access or rectification requests in cases provided by law.
Complaints
An individual who believes their personal information has been mishandled may file a complaint regarding THE COMPANY’s treatment of their data. This complaint will be addressed diligently within 10 business days by the Personal Information Protection Officer, with a written response provided.
**Receipt of Complaint**: Upon receipt, an acknowledgment will be sent to the complainant within 48 hours.
**Complaint Registration**: The complaint is recorded in a tracking system for effective follow-up.
**Initial Assessment**: The officer evaluates the complaint for validity and urgency.
**Investigation**: A thorough investigation will be conducted, potentially involving interviews with relevant staff and examination of systems and logs.
**Documentation**: All findings will be documented comprehensively.
**Decision and Corrective Actions**: Based on the findings, corrective actions will be taken if necessary, and a decision on the complaint will be made.
**Notification to Complainant**: A detailed response will be sent to the complainant within 10 business days.
**Recourse**: If unsatisfied, the complainant will be informed of available remedies, including referring the complaint to the relevant authorities.
**Internal Review**: Processes will be reviewed to identify lessons learned and implement future improvements.
**Archiving**: The complaint and all related actions will be securely archived for audit purposes.
To request access or rectification of your personal information or to submit a complaint about how your data is handled, please contact:
Sylvain Asselin
info@acxcom.com
(514) 225-4172 (ext. 210)
THE COMPANY reserves the right to modify its privacy policy at any time without notice. We suggest checking this page regularly for updates.