Personal information

Personal information

 

(Excerpt from the policy)

Applicable principles

Collection of Personal Information and creation of a File

Collection and Use with Consent

Unless otherwise specified, PIREL shall ensure that it has obtained the consent of the individual to the collection of personal information.

Collection Requirements

When collecting personal information, PIREL shall:

  1. collect only that information which is necessary for the purposes of the file
  2. inform the individual of the purpose of the file and the contact information of the person who can answer questions about the collection of personal information
  3. collect directly from the individual

Accurate and up-to-date personal information

PIREL shall ensure that the personal information used is accurate and up to date when making a decision about the individual.

Disclosure to a Third Party with Consent

PIREL shall not disclose an individual’s personal information to a Third Party unless it has obtained the individual’s consent or unless the disclosure is permitted by applicable law without consent.

Retention and Destruction of Personal Information

Unless an exception is provided for in the regulations, Personal Information contained in a File shall be retained for as long as necessary to fulfill the Purpose of the File. When PIREL no longer needs the information to fulfill the purpose of the record, it shall destroy, de-identify or erase the information, considering the retention periods prescribed by the regulations.

Minimum duration: As long as it is necessary to accomplish the object of the file

Maximum length of time: 5 years following the termination of the file

Selective Access to Personal Information

PIREL shall ensure that personal information contained in a file is accessible to employees, representatives, agents, managers who have a right to know the information and only when necessary for the performance of their duties or mandates.

Disclosure of Information

PIREL will not disclose or sell to third parties any personal information held during its business for commercial or philanthropic purposes. If this is not the case, consent will be sought prior to any disclosure.

PIREL reserves the right to disclose certain personal information if it believes it is necessary to do so to comply with the law or to protect itself. For example, PIREL may share information to respond to a court order or subpoena. PIREL may also share personal information if required by a government agency or investigative body.

Security Measures

PIREL shall implement security safeguards to protect personal information that is collected, used, disclosed, retained, or destroyed in a manner that is reasonable, taking into account, among other things, the sensitivity of the information, the purpose for which it is to be used, the amount and distribution of the information, and the medium used.

All personal information is stored on secure servers with restricted access. PIREL takes reasonable technical measures to ensure a secure environment and to protect personal information, such as: firewalls, use of anti-virus software, access management, intrusion detection, and regular back-ups.

Internal Operations

Internal Committee

PIREL has established a committee to:

  • Ensure compliance with this policy in PIREL’s operations
  • Ensure that procedures, processes, information systems and their data, etc. comply with the framework of Law 64
  • Ensure that third parties who possess sensitive data for the benefit of PIREL and during its operations respect the required security environment.
  • Ensure that a summary of this policy is posted on the PIREL website and updated regularly.
  • Make recommendations, as appropriate, to the President of the company to address any issues raised.
  • Report to the President of the company on a quarterly basis or when situations arise that do not comply with this policy.

Processing of complaints

The Privacy Officer or designate shall acknowledge and coordinate the follow-up of inquiries and complaints and ensure that responses meet privacy requirements and are timely.

Investigations

All privacy complaints are investigated. If we believe the complaint is justified, PIREL will attempt to resolve it.  If necessary, we will modify our policies and practices to ensure that the situation does not recur.

The investigation involves a review of the facts to analyze the complaint.

Acknowledgement and Response

When an inquiry cannot be answered or a complaint cannot be resolved immediately, the inquirer will be informed that the inquiry or complaint is being reviewed and we will provide an approximate date for a response.

Follow-up

The Privacy Officer or designate will contact the requester, as required, to ensure that the matter has been satisfactorily resolved.

If the resolution of the complaint requires PIREL to change its policies and practices, the Privacy Officer or designate shall ensure that the appropriate changes are made.

Oversight of Privacy Complaint Procedures

The Privacy Officer or designate shall periodically review the complaint process to ensure that a fair, appropriate, and timely mechanism is in place.

Inquiries or complaints may be directed to the Privacy Officer either by mail to the company’s head office or by email to: [email protected].