PERSONAL INFORMATION CONFIDENTIALITY POLICY
Policies and practices governing the management of personal information
IT Assurance is committed to collecting the minimum amount of data necessary and protecting all
personal information collected and used in the course of its activities. IT Assurance is ISO 27001
certified, demonstrating its commitment to protecting client information at all times.
PURPOSE OF INFORMATION COLLECTION
Our privacy protection policy outlines the standards for collecting, using, disclosing, and storing your
personal information. It also explains how we protect your personal information and your right to access
Personal information is defined as any information or combination of information that relates to an
individual and allows for their identification (such as information about their financial situation, social
insurance number, driver's license, and health insurance number). However, an individual's name, as
well as their professional contact information, such as their job title, address, phone number, and work
email address, are not considered personal information.
Personal information must be protected regardless of its format and regardless of whether it is in
written, graphic, audio, visual, computerized, or other form.
When we obtain information about you, we first ask for your written consent to collect, use, or disclose
your collected information for the indicated purposes. We will seek your consent for any other use,
disclosure, or collection of your personal information or when the purposes for which your information
was collected change.
Our company is committed to using the information provided only for the purposes for which it was
collected and to retaining it for the duration necessary to fulfill the requested service.
However, we may collect, use, or disclose your personal information without your consent when permitted or required by
law. In certain special circumstances, we may collect, use, or disclose personal information without your
knowledge or consent. Such circumstances arise when, for legal, medical, or security reasons, it is
impossible or unlikely to obtain your consent or when the information is necessary for investigating a
possible breach of contract, preventing or detecting fraud, or enforcing the law.
LIMITATIONS OF THE COLLECTION, USE, AND DISCLOSURE OF PERSONAL INFORMATION
The purposes for which information is collected are generally to confirm a person's identity, create an
employee file, and comply with legal requirements (certain information required for tax purposes).
We limit the collection, use, and disclosure of your personal information only to the purposes we have
indicated to you. Your personal information can only be accessed by certain authorized persons and only
as part of the tasks assigned to them.
STORAGE OF INFORMATION
We keep your personal information for as long as necessary for the purposes for which it was collected.
We must destroy this information in accordance with the law and our record retention policy. When we
destroy your personal information, we take necessary steps to ensure its confidentiality and ensure that
no unauthorized person can access it during the destruction process.
We are responsible for the personal information that we have in our possession or under our control,
including information that we entrust to third parties for processing. We require these third parties to
maintain this information according to strict standards of confidentiality and security.
followed to protect this information.
Our staff is informed and adequately trained on our policies and practices regarding the protection of
We have implemented and continue to develop rigorous security measures to ensure that your personal
information remains strictly confidential and protected against loss or theft, and against unauthorized
access, communication, copying, use or modification.
These security measures include organizational measures such as restriction of access to what is
necessary; backup and archiving of data using an external system, etc.; and technological measures such
as the use of passwords and encryption (e.g. frequent password changes and the use of firewalls).
Access to personal information
Only authorized personnel can access information about you. The company ensures that these
individuals are qualified to access this information and that access is necessary in the performance of
ACCESS REQUESTS AND MODIFICATIONS
You have the right to know if we hold personal information about you and to access that personal
information. You also have the right to ask questions about how this information was collected and
used, and to whom it has been disclosed.
We will provide you with such information in writing within a maximum of 30 days from the date of
receipt of the written request. Reasonable fees may also be charged to process your request.
In certain special circumstances, we may refuse to provide you with the requested information.
Exceptions to your right of access include, among other things, that the information requested pertains
to other individuals, that the information cannot be disclosed for legal, security, or copyright reasons,
that the information was obtained in connection with an investigation into fraud, that the information
can only be obtained at prohibitive costs, or that the information is subject to litigation or is privileged.
When we hold medical information about you, we may refuse to provide it to you directly and may ask
that it be transmitted to a healthcare professional whom you have designated to provide it to you.
You can verify the accuracy and completeness of your personal information and, if necessary, request a
modification. Any request for modification will be processed within a reasonable time.
Any request for access to personal information or modification of personal information can be sent to
the address below:
Name: Luigi Tiano
Phone number: 877-892-3399 ext. 1
COMPLAINTS AND QUESTIONS
You may contact the Privacy Officer at the above address.
Any complaints regarding privacy should be directed to the Privacy Officer at the above address.
We will investigate all complaints. If a complaint is found to be justified, we will take appropriate
measures, including, if necessary, amending our policies and practices.
Education and awareness
The company promotes best practices and respect for transparency and privacy rights in a number of
- It informs all staff on its team (consent form);
- Posting the name and contact information of the person responsible for PII;
- Privacy briefings, team meeting reminders, staff training, PII action plan, logbook, etc.
If for any reason you believe that the Company has not adhered to these principles, please notify our
Privacy Officer. We will then take steps to determine and correct the problem in a timely manner. Please
This policy shall be reviewed every three years. It will also need to be updated when there is a
substantial change in legislation or regulatory requirements.
Updated: March 1, 2023