Personal Information Protection Policy
The Personal Information Protection Policy of the Quantino (“Quantino”) website, owned by INO (“INO”) available at www.quantino.ca, is modeled after the principles set out in the national standard of Canada entitled “Model code for the protection of personal information” (CAN/CSA-Q830-96).
Nothing in this Personal Information Protection Policy (the “Policy”) has the effect of creating obligations for INO beyond those imposed by applicable laws and regulations pertaining to protection of personal information.
In this Policy:
- “Personal Information” means any information which relates to a natural person and allows that person to be identified.
- “Individual” or “you” refer to you as a customer or employee of INO or as a user of any of its services (the “Services”).
This Policy covers the following aspects of personal information protection:
- Limited collection
- Limited use, disclosure and retention
- Individual access to their personal information
- Challenging compliance
- Provisions applicable to data collected concerning individuals located in the European Union
MANAGEMENT OF PERSONAL INFORMATION
The name or title and the address, of the individual who is accountable for INO and Quantino’s policies and practices and to whom complaints or inquiries can be forwarded is:
Philippe Boivin, Vice-President, Corporate Affairs (email@example.com).
DETAILS OF THE POLICY
INO has designated an individual or individuals accountable for INO’s compliance with the following Policy.
Accountability for INO’s compliance with this Policy rests with the designated individual, even though other individuals within INO may be responsible for the day-to-day collection and processing of Personal Information. Other individuals within INO may be delegated to act on behalf of the designated individual(s).
The purposes for which Personal Information is collected will generally be identified by INO at or before the time the Personal Information is collected.
INO will document the purposes for which Personal Information is collected. Depending upon the way in which the Personal Information is collected, this can be done orally or in writing. An online application form or notes related thereto, for example, may give notice of the purposes.
Identifying the purposes for which Personal Information is collected at or before the time of collection allows INO to determine the Personal Information it needs to collect to fulfil these purposes. INO will collect only the Personal Information necessary for the purposes that have been identified.
The current purposes for which INO may collect your Personal Information include:
o Providing, maintaining and improving the Services;
o Allowing INO to perform internal operations in relation with its Services; and
o Sending or facilitating communications between INO and you in relation with the Services;
When Personal Information that has been collected is to be used for a purpose not previously identified, the new purpose will be identified and documented prior to use. Unless the new purpose is required by law, your consent will be requested before Personal Information can be used for that purpose.
INO will be able to explain to you the purposes for which the Personal Information is being collected.
Your knowledge and consent are required for the collection, use or disclosure of Personal Information, except where inappropriate. (For example, legal, medical, or security reasons may make it impossible or impractical to seek consent.)
Your consent to the collection, use or disclosure of your Personal Information will be manifest, free and enlightened, and will be given for specific purposes. Such consent will be valid only for the length of time needed to achieve the purposes for which it was requested.
Typically, INO will seek consent for the use or disclosure of the Personal Information at or before the time of collection. In certain circumstances, consent with respect to use or disclosure may be sought after the Personal Information has been collected but before use (for example, when INO wants to use Personal Information for a purpose not previously identified).
To make the consent meaningful, the purposes for which the Personal Information will be used will be stated in such a manner that you can reasonably understand how the Personal Information may be used or disclosed.
INO will not, as a condition of the supply of a product or service, require your consent to the collection, use or disclosure of Personal Information beyond that required to fulfil the purposes.
The form of the consent sought by INO may vary, depending upon the circumstances and the type of Personal Information. In determining the form of consent to use, INO will take into account the sensitivity of the Personal Information.
The way in which INO seeks consent may vary, depending on the circumstances and the type of Personal Information collected. INO will generally seek express consent when the Personal Information is likely to be considered sensitive. Implied consent may generally be appropriate when the Personal Information is less sensitive. Consent can also be given by an authorized representative (such as a legal guardian or a person having power of attorney). Consent will not be obtained through deception.
You can give consent in many ways. For example:
o an online application form may be used to seek consent, collect Personal Information and inform you of the use that will be made of the Personal Information. By completing and sending the form, you are giving consent to the collection and the specified uses;
o a checkbox may be used to allow you to expressly agree that your name and address be given to other organizations;
o consent may be given at the time that you use a product or Service.
You may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice.
Consent to the disclosure of Personal Information from a third person may be given by you to INO in order to collect the Personal Information from the third person.
INO will collect Personal Information only from you, unless you consent to collection from third persons. However, INO may, without your consent, collect Personal Information from a third person if the law so authorizes. It may also do so if it has a serious and legitimate reason and either of the following conditions is fulfilled:
o the Personal Information is collected in your interest and cannot be collected from you in due time; or
o collection from a third person is necessary to ensure the accuracy of the Personal Information.
- Limited Collection
The collection of Personal Information will be limited to that which is necessary for the purposes identified by INO. Information will be collected by fair and lawful means.
INO will specify the type of Personal Information collected as part of their information-handling policies and practices. Personal Information collected may include, but is not limited to:
o Your first name and last name;
o Your email address;
o Your IP address;
o Your browsing behaviour;
o Name of the company you work for;
o Telephone number;
o City and country of residence;
INO may establish a file on you.
INO, when establishing a file on you or recording Personal Information in such a file, will make an entry indicating the source of any Personal Information collected from a third person when the third person is a person carrying on an enterprise. The entry is part of your file.
INO may not refuse to respond to a request for goods or services or to a request relating to employment by reason of the applicant's refusal to disclose Personal Information except where:
o collection of that Personal Information is necessary for the conclusion or performance of a contract;
o collection of that Personal Information is authorized by law; or
o there are reasonable grounds to believe that the request is not lawful.
- LIMITED USE, DISCLOSURE AND RETENTION
Personal Information will not be held, used or disclosed for purposes other than those for which it was collected, except with your consent or as required by law. Personal Information will be retained only as long as necessary for the fulfilment of those purposes.
INO will develop guidelines and implement procedures with respect to the retention and destruction of Personal Information. These guidelines and procedures will include minimum and maximum retention periods. (INO may be subject to legislative requirements with respect to retention periods.)
INO will not disclose to a third person your Personal Information unless you consent thereto, or such disclosure or use is provided for by law.
For instance, in the carrying on of its enterprise, INO and/or Quantino’s authorized employees, mandataries or agents or any supplier in to a contract with INO and/or Quantino for work or services may have access to Personal Information without your consent if the Personal Information is needed for the performance of their duties or the carrying out of their mandates or contracts.
INO may, without your consent, disclose Personal Information contained in a file to an archival agency if the archival agency is a person whose object is the acquisition and preservation of documents for their general informational value and if the Personal Information is disclosed as part of the transfer or deposit of the archives of INO.
Personal Information may also be disclosed without your consent for research purposes if the documents containing the Personal Information are not structured so as to allow retrieval by reference to your name or identifying code or symbol and the Personal Information cannot be retrieved by means of such a reference.
INO is accountable to the Government of Canada and the Government of Quebec for some of its research and development activities and, therefore, may provide them with information such as the names and contact information of its clients and the nature of the services received by its clients.
Any person holding Personal Information on behalf of INO may refer to the latter every request for access or rectification received from an Individual to whom Personal Information relates.
Personal Information will be as accurate, complete and up-to-date as is necessary for the purposes for which it is to be used.
Personal Information that is used on an ongoing basis, including Personal Information that may be disclosed to third parties, will be generally accurate and up-to-date, unless limits to the requirement for accuracy are set out.
INO will not routinely update Personal Information, unless such a process is necessary to fulfil the purposes for which the Personal Information was collected.
The extent to which Personal Information will be accurate, complete and up-to-date will depend upon input (i) from you or (ii) resulting from data generated by you using Quantino products or services, and the use of the Personal Information, taking into account your interests.
Personal Information will be protected by security safeguards appropriate to the sensitivity of the Personal Information.
INO will take the security measures necessary to ensure the protection of the Personal Information collected, used, disclosed, held or destroyed and that are reasonable given the sensitivity of the Personal Information, the purposes for which it is to be used, the quantity and distribution of the Personal Information and the medium on which it is stored.
The security safeguards of INO will protect Personal Information against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification.
The nature of the safeguards will vary depending on the sensitivity of the Personal Information that has been collected, the amount, distribution and format of the Personal Information and the method of storage.
The methods of protection will include:
o physical measures (such as restricted access to offices);
o organizational measures (such as security clearances); and
o technological measures (such as the use of passwords).
INO will make its employees aware of the importance of maintaining the confidentiality of Personal Information, and care will be used in the disposal or destruction of Personal Information, to prevent unauthorized parties from gaining access to the Personal Information.
INO will make readily available to you specific information about its policies and practices relating to the management of Personal Information.
INO is open about its policies and practices with respect to the management of Personal Information. You will be able to acquire information about INO’s policies and practices without unreasonable effort. This information will be made available in a form that is generally understandable.
The information made available includes:
o the name or title and the address of the individual who is accountable for INO’s Policies and practices and to whom complaints or inquiries can be forwarded;
o the means of gaining access to Personal Information held by INO;
o a description of the type of Personal Information held by INO, including a general account of its use; and
o what Personal Information is made available to related organizations;
INO/Quantino may make information on its policies and practices regarding Personal Information Protection available in a variety of ways. The method chosen depends on the nature of its business and other considerations.
- Individual Access
Upon request, you will be informed of the existence, use and disclosure of your Personal Information and will generally be given access to that Personal Information. You will be able to challenge the accuracy and completeness of the Personal Information and have it amended as appropriate.
Upon request, INO will inform you whether or not INO holds Personal Information about you and may indicate the source of this Personal Information. INO will generally allow you access to this Personal Information. You may be required to provide sufficient information to permit INO to provide an account of the existence, use and disclosure of Personal Information.
You are entitled to obtain that any Personal Information collected otherwise than lawfully be deleted.
No request for access, rectification or deletion may be considered unless it is made in writing by you when you prove that you are the individual concerned (or the representative, heir or successor of that individual, or the liquidator of the succession, a beneficiary of life insurance or of a death benefit).
INO, when holding a file that is the subject of your request for access, rectification or deletion, will respond to that request within a reasonable time after receipt of the request. The requested information will be provided or made available in a form that is generally understandable. (For example, if INO uses abbreviations or codes to record Personal Information, an explanation will be provided.)
In certain situations, INO may not be able to provide access to all the Personal Information it holds about you. Exceptions to the access requirement are meant to be limited and specific. The reasons for denying access will be provided to you upon request.
Exceptions may include information that is prohibitively costly to provide, information that contains references to other individuals, information that cannot be disclosed for legal, security or commercial proprietary reasons and information that is subject to solicitor-client or litigation privilege.
INO may refuse to give communication of Personal Information to you where disclosure of the Personal Information would be likely to hinder an inquiry the purpose of which is the prevention, detection or repression of crime or statutory offences.
A reasonable charge may be required when requesting the transcription, reproduction or transmission of Personal Information.
- Challenging Compliance
You may address a challenge concerning INO’s compliance with this Policy to the designated individual accountable for such compliance.
INO will investigate all complaints. If a complaint is found to be justified, INO will take appropriate measures, including, if necessary, amending its policies and practices.
When a challenge is not resolved to your satisfaction, the substance of the unresolved challenge will be recorded by INO.
- PROVISIONS APPLICABLE TO DATA COLLECTED CONCERNING INDIVIDUALS IN THE EUROPEAN UNION
INO is committed to ensuring that your personal data collected is processed in a lawful, fair and transparent manner. INO will not collect your personal data without having a legal basis for doing so or without having obtained your manifest, free, informed and specific consent. These purposes will be detailed at the time of obtaining your consent. INO will not use your personal data for purposes other than those detailed herein. Upon request, INO will delete, as far as possible, your personal data collected directly by INO on its Website or will provide you with such data in a format that allows it to be portable. INO has designated a representative for personal data protection issues. His contact details are available on request.