Privacy Policy
TRANSPORT NORDEST SUDOUEST is committed to protecting all personal information collected and used in the management of its activities.
OBJECTIVES OF INFORMATION COLLECTION
All individuals who work with TRANSPORT NORDEST SUDOUEST, for it or on its behalf, are required to respect the confidentiality of personal information and the right to privacy of any person, in accordance with the Personal Information Protection Act, when collecting, using, disclosing, storing, or disposing of personal information in the performance of their duties.
POLICY STATEMENT
Personal information under the custody or control of TRANSPORT NORDEST SUDOUEST is created, collected, stored, used, disclosed, and disposed of in a manner that complies with the Personal Information Protection Act. We respect the privacy rights of individuals whose personal information we possess, in accordance with these requirements.
PERSONAL INFORMATION
Personal information is defined as any information or combination of information about an individual that identifies that person. However, an individual’s name, along with professional contact details such as title, address, phone number, and email address, are not considered personal information. Personal information must be protected regardless of its medium and form: written, graphic, audio, visual, computerized, or otherwise.
CONSENT
The organization obtains written consent from an individual in the following situations:
- Before collecting personal information, unless obtaining consent would result in the collection of inaccurate information, contradict the purpose of the collection, or compromise the use of the collected information. For example, the organization will generally consult the complainant to indirectly gather personal information for the purpose of conducting an investigation.
- Before using or disclosing personal information for purposes other than those for which the information was originally collected or prepared.
- Before removing personal information, unless such removal is expressly authorized by law.
- If there is an intention to disclose a complaint received by the company or any privileged or confidential information obtained in the course of an investigation or proceeding. In this case, written consent must be obtained from all individuals whose rights or interests may reasonably be affected.
Obtaining an individual’s consent to collect personal information does not replace or establish the authority to collect such information under the Personal Information Protection Act; rather, the organization must ensure that the personal information to be collected is directly related and clearly necessary for the organization’s regulatory activities.
COLLECTION OF PERSONAL INFORMATION
Personal information can only be collected or created (e.g., issuing a license number or imposing restrictions on a license constitutes the creation of personal information) under the following conditions:
- The personal information is directly related to a regulatory activity of the organization.
- The collection of this personal information is necessary for the organization to fulfill the purposes prescribed by law or to achieve its regulatory objectives.
To determine if personal information is directly related to a regulatory activity, the organization must refer to policies that require or permit the collection of personal information. The organization’s policies provide guidance and advice on the necessity of collecting personal information to achieve its objectives. Before collecting or creating new personal information, the organization must:
- Determine the personal information to be collected.
- Determine the purposes of collecting each type of personal information.
- Collect only the personal information necessary for achieving the determined purposes.
The organization collects or creates personal information intended for administrative purposes directly from the individual concerned, except when:
- The individual authorizes the organization to collect the personal information from another source.
- The personal information is collected for a purpose for which it may be disclosed to the organization.
- Collecting personal information directly from the individual could result in the collection of inaccurate information.
- Collecting personal information directly from the individual could contradict the purpose or compromise the use for which the personal information is collected. For example, the organization generally consults the complainant to indirectly gather personal information for an investigation.
We limit the collection, use, and disclosure of your personal information to the purposes we have indicated to you. Your personal information can only be accessed by authorized individuals and only for tasks assigned to them.
DISCLOSURE OF PERSONAL INFORMATION
Personal information held by the organization will not be disclosed unless consent from the individual concerned has been obtained or unless disclosure is authorized or required under the Personal Information Protection Act. Anyone subject to this policy must:
- Disclose only the minimum amount of personal information required to fulfill the valid purposes indicated.
- Consult the privacy officer before disclosing personal information other than what is required for their duties.
STORAGE OF PERSONAL INFORMATION
We retain your personal information only as long as necessary for the purposes for which it was collected. We must destroy this information in accordance with the law and our record retention policy. When destroying your personal information, we take necessary measures to ensure its confidentiality and prevent unauthorized access during the destruction process.
ACCURACY
The organization takes reasonable measures to ensure that personal information is as accurate, complete, and up-to-date as required for its intended purposes, and to minimize the possibility that inaccurate or incomplete information will be used to make decisions affecting an individual directly. The organization has documented procedures for individuals to request corrections to their personal information when they believe there has been an error or omission. We do not routinely update personal information unless necessary to achieve the purposes for which it was collected. The accuracy and completeness of personal information will depend on the data entered on the consent form.
ACCOUNTABILITY
We are responsible for personal information in our possession or under our control, including information entrusted to third parties for processing. We require these third parties to maintain such information according to strict confidentiality and security standards. Our privacy officer oversees this personal information protection policy and related processes, as well as procedures to protect this information. Our staff is informed and adequately trained on our privacy policies and practices.
SECURITY MEASURES
The organization is required to protect personal information under its custody or control against risks such as unauthorized access, collection, use, disclosure, or disposal, by taking reasonable security measures. These include a combination of technical, administrative, and physical protection measures. The reasonableness of security measures considers factors such as sensitivity, quantity, distribution, format, and method of storage of the information to be protected. We have implemented and continue to develop rigorous security measures to ensure your personal information remains strictly confidential and protected against loss or theft, and against unauthorized access, communication, copying, use, or modification. These security measures include organizational measures such as restricting access to what is necessary; backing up and archiving data using external systems; and technological measures such as the use of passwords and encryption (e.g., frequent password changes and firewalls).
ACCESS TO PERSONAL INFORMATION
The organization requires that access to personal information be role-based and limited to the minimum amount of information necessary for authorized purposes. The organization monitors access to and use of personal information to detect inappropriate or unauthorized access or processing, using means such as audits. The organization requires service providers to comply with the organization’s legal obligations concerning personal information processing and protection, and service providers are required to adhere to this personal information protection policy.
REQUESTS FOR ACCESS TO AND MODIFICATION OF INFORMATION
Subject to exceptions under the Personal Information Protection Act, individuals may access their personal information held by the organization, review it, or request a copy by submitting a written request to the organization’s privacy officer. We will provide such information within a reasonable time from the receipt of the written request. Reasonable fees may also be charged for processing your request. In certain circumstances, we may refuse to provide the requested information. Exceptions to your right of access include situations where the requested information pertains to other individuals, where information cannot be disclosed for legal, security, or copyright reasons, where the information was obtained during a fraud investigation, where disclosing the information would be prohibitively costly, or where the information is subject to litigation or is privileged. When we hold medical information about you, we may refuse to provide it directly and may ask for it to be sent to a designated health professional who will communicate it to you. You can verify the accuracy and completeness of your personal information and request modifications where applicable. Any request for modifications will be processed within a reasonable time.
Requests for access to or modification of personal information can be sent to:
PRIVACY OFFICER
Sylvain Auger
signalementloi25@HamelConstruction.com
418-796-2074 ext 250
COMPLAINTS AND QUESTIONS
You may contact the privacy officer at the above address. Any complaints regarding personal information protection should be directed to the privacy officer at the address provided above. We will investigate all complaints. If a complaint is found to be valid, we will take appropriate measures, including, if necessary, revising our policies and practices.
TRAINING AND AWARENESS
The company promotes best practices and respect for transparency and personal information protection rights in various ways:
- It informs all staff members (consent form);
- It posts the name and contact details of the person responsible for privacy protection;
- It employs various awareness methods, including:
  - Information sessions on personal information protection,
  - Reminders during team meetings,
  - Staff training,
  - An action plan for personal information protection,
  - A logbook, etc.
ENFORCEMENT
If you believe the company has not adhered to these principles for any reason, please notify us by contacting our privacy officer. We will take necessary steps to identify and correct the issue within a reasonable time. Please mention "Privacy Protection" in your subject line.
POLICY UPDATE
This policy must be reviewed every three years. It will also be updated with any significant changes to legislation or regulatory requirements.
Updated: 2024-05-17