Privacy Policy
PROLAB TECHNOLUB inc. is committed to protecting all personal information collected and used in the management of its activities.
PURPOSE OF INFORMATION COLLECTION
All individuals who work with PROLAB TECHNOLUB inc. for or on behalf of the company are required to respect the confidentiality of personal information and the right to privacy of all individuals, in accordance with the Privacy Act, when collecting, using, disclosing, retaining, or disposing of personal information in the course of their duties.
POLICY STATEMENT
Personal information under the care or control of PROLAB TECHNOLUB inc. is only created, collected, stored, used, disclosed, and disposed of in a manner that respects the Privacy Act regarding privacy protection. We respect the privacy rights of individuals whose personal information is in our possession, in accordance with these requirements.
PERSONAL INFORMATION
Personal information is defined as any information or combination of information concerning an individual that allows them to be identified. However, an individual's name, as well as their professional contact details, i.e., their professional title, address, phone number, and email address, are not considered personal information.
Personal information must be protected regardless of the nature of its medium and in whatever form: written, graphic, audio, visual, computerized, or otherwise.
CONSENT
The organization obtains written consent from an individual in the following situations:
before collecting personal information, unless requesting consent would lead to the collection of inaccurate information or would go against the purpose of the collection, or would compromise the use of the collected information. For example, the organization will generally consult the author of a complaint to indirectly collect personal information for investigation purposes;
before using or disclosing personal information for purposes that do not comply with the purposes for which the information was collected or prepared;
before any withdrawal of personal information, unless such withdrawal is expressly authorized by law;
if it intends to disclose a complaint received by the company or any privileged or confidential information obtained as part of an investigation or procedure. In this case, written consent must be obtained from all individuals whose rights or interests may reasonably be affected.
Obtaining an individual's consent to collect personal information does not replace or establish the authority to collect such information under the Privacy Act; rather, the organization must ensure that the personal information to be collected is directly related and demonstrably necessary to the organization's regulatory activities.
COLLECTION OF PERSONAL INFORMATION
Personal information may only be collected or created (e.g., assigning a license number or imposing restrictions on a license constitutes the creation of personal information) under the following conditions:
personal information is directly related to a regulatory activity of the organization;
the collection of such personal information is necessary to enable the organization to meet the purposes provided by law or to achieve its regulatory objectives.
To determine if personal information is directly related to a regulatory activity, policies that require or authorize the collection of personal information must be consulted. The organization's policies provide guidelines and advice on the necessity of collecting personal information to enable the organization to achieve its objectives. Before collecting or creating new personal information, the organization must:
identify the personal information to be collected;
determine the purposes of collecting each type of personal information;
collect only the personal information necessary to achieve the determined purposes.
The organization collects or creates personal information intended for administrative use directly from the individual concerned, except when:
the individual authorizes the organization to collect personal information from another source;
personal information is collected for a purpose for which it may be disclosed to the organization;
collecting personal information directly from the individual could lead to the collection of inaccurate information; or
collecting personal information directly from the individual could go against the purpose or compromise the use for which the personal information is collected. For example, the organization will generally consult the author of a complaint to indirectly collect personal information for investigation purposes.
We limit the collection, use, and disclosure of your personal information strictly to the purposes we have indicated to you. Your personal information can only be accessed by certain authorized individuals, and only within the scope of their assigned duties.
DISCLOSURE OF PERSONAL INFORMATION
Personal information held by the organization will not be disclosed unless the consent of the individual concerned has been obtained or unless the disclosure is authorized or required under the Privacy Act.
Anyone subject to this policy must:
disclose only the minimum personal information required to satisfy the stated valid purposes;
consult the Privacy Officer before disclosing personal information other than what is required in the course of their duties.
RETENTION OF INFORMATION
We retain your personal information only as long as necessary for the purposes for which it was collected. We must destroy this information in accordance with the law and our record retention policy. When we destroy your personal information, we take the necessary measures to ensure its confidentiality and ensure that no unauthorized person can access it during the destruction process.
ACCURACY
The organization takes reasonable measures to ensure that personal information is as accurate, complete, and up-to-date as required for the purposes for which it is intended, and to minimize the possibility that inaccurate or incomplete information will be used to make a decision directly affecting an individual.
The organization has documented procedures allowing individuals to request correction of their personal information when they believe there has been an error or omission.
We do not systematically update personal information unless it is necessary to achieve the purposes for which it was collected. The degree of accuracy, currency, and completeness of personal information will depend on the input of your data during the consent form for collection.
RESPONSIBILITY
We are responsible for the personal information we possess or control, including information we entrust to third parties for processing. We require these third parties to maintain this information according to strict standards of confidentiality and security.
Our Personal Information Protection Officer oversees this privacy policy and related processes, as well as the procedures to follow to protect this information.
Our staff is informed and adequately trained on our policies and practices regarding personal information protection.
SECURITY MEASURES
The organization is required to protect personal information under its care or control from risks such as unauthorized access, collection, use, disclosure, or removal, by implementing reasonable security measures. These include a combination of technical, administrative, and physical safeguards. The reasonableness of security measures considers factors such as the sensitivity, quantity, distribution, format, and storage method of the information to be protected.
We have implemented and continue to develop rigorous security measures to ensure that your personal information remains strictly confidential and is protected against loss or theft, and against any unauthorized access, disclosure, copying, use, or modification.
These security measures include organizational measures such as restricting access to what is necessary; backing up and archiving data using an external system, etc.); and technological measures such as the use of passwords and encryption (e.g., frequent password changes and the use of firewalls).
Access to Personal Information
The organization requires that access to personal information be role-based and limited to the minimum amount of information necessary for authorized purposes.
The organization monitors access to and use of personal information to quickly detect cases of inappropriate or unauthorized access to or processing of personal information through means such as auditing.
The organization requires service providers to comply with the organization's legal obligations regarding the processing and protection of personal information, and service providers are required to comply with this privacy policy.
REQUEST FOR ACCESS TO INFORMATION AND MODIFICATIONS
Subject to the exceptions provided by the Privacy Act, any person may access, review, or receive a copy of their personal information held by the organization by submitting a written request to the organization's Privacy Officer.
We will provide such information within a reasonable timeframe, from the date of receipt of the written request. Reasonable fees may also be charged to process your request.
In certain specific circumstances, we may refuse to provide you with the requested information. Exceptions to your right of access include, but are not limited to, situations where the requested information concerns other individuals, information that cannot be disclosed for legal, security, or copyright reasons, information obtained as part of a fraud investigation, information that can only be obtained at prohibitive costs, or information that is subject to litigation or is privileged.
When we hold medical information about you, we may refuse to disclose it to you directly and request that it be sent to a healthcare professional you designate to communicate it to you.
You can verify the accuracy and completeness of your personal information and, if necessary, request its modification. Any modification request will be processed within a reasonable timeframe.
Any request for access to personal information or modification of personal information can be sent to the address below:
Personal Information Protection Officer
Denis Drouin, IT Director
info@prolabtechnolub.com
1 800 795-2777