Privacy and Confidentiality Policy

Last update: November 30, 2023

The Act respecting the protection of personal information in the private sector ("Act") governs the collection, use, retention, protection and destruction of personal information.

The present Privacy and confidentiality policy ("Policy") aims to ensure the protection of personal information and to provide a framework for the way in which Groupe Ingeno inc. ("Ingeno") collects, uses, communicates, stores and destroys them. Indeed, the Policy explains how your personal information may be collected, used or disclosed by Ingeno, through its website, its applications and in its relations with customers and suppliers.

By providing us with personal information, you agree to its processing in accordance with the Policy.

1. Application and definitions

This Policy applies to Ingeno, which includes but is not limited to its officers, employees, consultants, volunteers, directors, as well as any person or entity providing services on behalf of Ingeno. It also applies with respect to the Ingeno website, as well as all websites controlled and maintained by Ingeno.

It covers all types of personal information held by Ingeno, emanating in particular from its current or potential customers, consultants, employees, subcontractors or any other persons (such as visitors to its websites or otherwise).

For the purposes hereof, personal information means any information relating to a natural person that allows that person to be identified or that, individually or in combination with other information, allows that person to be identified.

2. The information we collect

In the course of its activities, Ingeno needs to collect certain personal information. This includes, but is not limited to, the following information:

  • Contact information (name, address, email or telephone number);
  • Information relating to or emanating from its customers or to which it may have access in the course of providing its services and which meets the definition of personal information;
  • Information required for billing purposes, such as a billing address, banking information or payment system data;
  • Information relating to marketing and communication preferences;
  • Information relating to the use of its website, including technical information on visits, IP address, operating system, pages visited and requested, connection information, or any other information collected through cookies, log files or other similar tools, notably for service improvement and statistical purposes;
  • Information relating to the recruitment of employees, such as CVs, professional or academic history, disciplinary, ethical, criminal or penal background and any other information relevant to potential recruitment;
  • Information relating to employees for the purposes of entering into and performing their employment contracts and complying with the various applicable employment laws, including information collected by Ingeno for the purposes of the employee file;
  • Any other information necessary for the purposes of complying with its legal, regulatory or contractual obligations.

3. Purposes of collection, use and communication

Ingeno will document the purposes for which personal information is collected. Ingeno will collect only the information necessary for those purposes.

In the course of its activities, Ingeno may collect different types of information for different purposes, including to:

  • Motivate and maintain a relationship with the customer, provide services, and fulfill legal and contractual obligations, including project management and billing;
  • Respond to inquiries;
  • Gather information as part of a program. Note that it is sometimes necessary to communicate the information provided to the program in question;
  • Register customers for events organized by Ingeno;
  • Know the preferred language of communication;
  • Subscription to Ingeno newsletter and seminars;
  • Ensure its legal, regulatory and contractual obligations;
  • Communicate with data subjects as part of market research, marketing, advertising and information campaigns or to evaluate customer service and satisfaction of customers, employees or any other person;
  • Update, improve and manage its databases, document management systems, and website;
  • Develop and manage your business and activities;
  • Recruit and consider future employees;
  • Conclude and execute employment contracts with its employees and comply with applicable employment laws and regulations;
  • To detect and protect against errors, negligent acts, contractual breaches, acts of fraud, theft and other illegal activities and to meet its insurance obligations;
  • To comply with its legal and regulatory obligations;
  • Any other purpose necessary for the activities of Ingeno and to which you have consented;

Ingeno will also inform individuals, at the time of collection of personal information, of the purposes for which it is collected and the means of collection, in addition to other information to be provided as required by the Act.

Ingeno applies the following general principles with respect to the collection, use and disclosure of personal information:

Consent:

  • By providing us with personal information through our website, by telephone, email, in person or by any other means, you consent to the collection, use and disclosure of your personal information in accordance with this Policy.
  • In general, Ingeno collects personal information directly from and with the consent of the individual concerned, unless an exception is provided by law. Consent may be obtained implicitly in certain situations, for example, when the individual decides to provide his or her personal information after being informed by the Policy about use and disclosure for the purposes indicated therein. The Policy and the information it contains will be available for consultation by the person concerned at the time personal information is collected.
  • In general, Ingeno obtains the consent of the person concerned before collecting his or her personal information from third parties and before disclosing it to third parties. However, Ingeno may act without consent in certain cases provided for by the Act and under the conditions set forth therein.

Collection:

  • In all cases, the collection of personal information is limited to that necessary to fulfill the intended purpose.
  • Please note that Ingeno’s services and programs are not intended for minors, and more generally, Ingeno does not intentionally obtain personal information about minors (in these cases, information cannot be collected from them without the consent of a parent or guardian).
  • Ingeno may collect personal information from third parties. Unless an exception is provided by law, Ingeno will seek the consent of the person concerned before collecting personal information about him or her from a third party. This collection through third parties may be necessary to use certain services or programs, or to otherwise do business with Ingeno.

Detention and use:

  • Ingeno ensures that the information it holds is up-to-date and accurate at the time it is used.
  • Ingeno may use an individual’s personal information only for the purposes stated herein or for any other purposes provided at the time of collection. As soon as Ingeno wants to use this information for another reason or another purpose, a new consent will have to be obtained from the person concerned, which will have to be obtained expressly if it concerns sensitive personal information. However, Ingeno may use the information for secondary purposes without the individual’s consent under the conditions set out in the Act.
  • Ingeno implements measures to limit access to personal information only to those employees and persons within its organization who are qualified to know and for whom the information is necessary in the performance of their duties.

Communication:

  • In the course of its activities, Ingeno may share personal information with certain third parties for the purposes set out in section 3 of the Policy. These third parties may include:
    • Service providers for recruitment, compensation processing, insurance, benefits, disability or other services necessary for the purposes of entering into and performing the employment contract;
    • Governmental and supervisory authorities where required by applicable law or where necessary for the provision of its services;
    • Providers of data hosting, billing and online payment services;
    • Service providers relating to the use of its website and advertising strategy (hosting, security, cookies).
  • In the course of its activities and for the purposes set out in the Policy, it is possible that Ingeno may do business with partners or third parties located outside Quebec for the performance of certain contracts. As a result, it is possible that some of the personal information it holds may be transferred to another country and be subject to the laws of that jurisdiction.
  • Ingeno takes care, however, to protect personal information in its custody, including personal information entrusted to a third party, whether located in Canada or abroad.
  • Our privacy policies and practices require that a written commitment be signed by this service provider to fulfill its obligation to maintain the confidentiality and security of personal information entrusted to it. This includes implementing robust and effective security measures, but also prohibiting the disclosure of the personal information in question to others.

4. Privacy Impact Assessment (PIA)

Conducting a PIA is a preventive approach aimed at better protecting personal information and respecting the privacy of individuals. It involves considering the factors likely to have a positive or negative impact on the privacy of the individuals concerned. The completion of a PIA demonstrates that Ingeno has complied with all its privacy obligations and that all measures have been taken to effectively protect this information.

Ingeno performs a PIA notably in the following situations:

  • Before undertaking a project for the acquisition, development and redesign of an information system or electronic service delivery that involves personal information;
  • Before communicating personal information outside Quebec.

In conducting a PIA, Ingeno takes into account, among other things, the sensitivity of the personal information concerned, the purposes for which it is used, its quantity, distribution and the medium on which it is held, as well as the measures proposed to protect the personal information.

5. Retention and destruction of personal information

Except where a minimum retention period is required by applicable law or regulation, Ingeno will retain personal information only as long as necessary for the fulfillment of the purposes for which it was collected.

At the end of the retention period or when the personal information is no longer needed, Ingeno will ensure that it is destroyed.

The destruction of personal information by Ingeno is done in a secure manner to ensure its protection.

6. Website

For the purposes of our business, we operate a website. The personal information we collect on the https://ingeno.ca/ website is collected in particular in order to follow up on your requests, for example when you provide your name, email, address in the form provided for this purpose in the "Contact" section of the website.

Use of cookies

A cookie is a small data file created by your browser and placed on your computer, mobile device, tablet or other device when you use your browser to visit an online service. Cookies allow websites to remember certain information about you in order to facilitate your access and navigation within our sites. Cookies can only be read by the Web site that transmits them to your computer.

We use certain cookies on our site, in particular to:

  • Remember your settings and preferences, such as your province or language;
  • Produce statistical compilations (page popularity, average number of pages visited and average time each Internet user spends on the site) for the purpose of improving our services;
  • Analyze our performance, in particular to learn more about which functions are appreciated by our users and which may require some modification;
  • Analyze the effectiveness of our advertising strategy and the implementation of follow-up follow-up marketing and tailored advertising.

Please note that the use of cookies only identifies you as a user and does not recognize you by means of your name or address.

It is possible to prevent the personalization features of our website by disabling cookies on your browser. You can do this by changing the settings on your browser or mobile device.

However, if you decide to refuse cookies, some pages or sections of our website may not display properly and some features may not be available.

Use of Google Analytics

Ingeno uses Google Analytics to analyze the browsing behavior of visitors to its site in order to enable its continuous improvement. In particular, Google Analytics makes it possible to analyze how a visitor interacts with a website. Google Analytics uses cookies to generate statistical reports on visitor behavior and content viewed. By using this tool, Ingeno may obtain the following information in particular:

  • Number of visitors to the site;
  • Type of browser, language and operating system used;
  • Screen resolution;
  • Name of service provider;
  • Date, time and duration of visits;
  • Country/province from which site is accessed;
  • Age/sex;
  • Pages viewed;
  • Source (provenance) of traffic;
  • Centers of interest;
  • Search terms within the website (search fields).

The information collected by Google Analytics is used to analyze the use of the Ingeno website and to produce statistical reports on visitor activity. Information from Google Analytics will never be shared by Ingeno with third parties.

It is possible to install a browser add-on to disable Google Analytics. You can get more information about Google Analytics here.

Other technological means used

If Ingeno collects personal information by offering a technological product or service that has privacy settings, Ingeno must ensure that these settings provide the highest level of privacy by default (cookies are not covered).

It is important to understand that this Policy does not apply to other third-party websites that may be accessed from links on our website. We are not responsible for third-party sites, their content or access to them. As a result, any personal information you transmit through these sites is subject to their privacy policies. It is your responsibility to read them to ensure the protection of your personal information.

7. Responsibility of Ingeno

Under applicable law, Ingeno is responsible for protecting personal information in its possession or control.

The Ingeno Privacy Officer is the organization’s Director of Operations. He or she is generally responsible for ensuring compliance with applicable legislation concerning the protection of personal information. The person in charge must approve the policies and practices governing the governance of personal information. More specifically, this person is responsible for implementing the Policy and ensuring that it is known, understood and applied. In the event of the absence or inability to act of this person, the President of Ingeno will assume the duties of the Privacy Officer.

Employees of Ingeno who have access to or are otherwise involved in the management of personal information must ensure its protection and comply with the Policy. The roles and responsibilities of Ingeno employees throughout the life cycle of Personal Information may be specified by any other Ingeno policy in this regard, as applicable.

In order to protect your personal information, we have implemented internal policies, practices and procedures relating to the management of the personal information we hold.

These govern the collection, use, disclosure, retention and destruction of personal information, as well as the handling of complaints and information security. They also provide the framework for the implementation of privacy impact assessments, as well as for the prevention of and potential response to privacy incidents.

In addition, Ingeno ensures that its staff undergoes the training and awareness activities required to ensure the protection of personal information.

8. Non-responsibility

Despite the measures implemented by Ingeno under the Policy, the latter cannot guarantee the absolute security of personal information disclosed to it. Thus, in the absence of fault on the part of Ingeno, the latter cannot be held liable for any damage that may be suffered in connection with the disclosure made to it of personal information, including those that may be caused by a third party.

By disclosing personal information to Ingeno, you acknowledge that the latter has no control over the third parties authorized to collect such information, which may include your employees, subcontractors, customers and others. Accordingly, Ingeno shall in no event be held liable for any failure by such third parties, including its service providers, to comply with applicable laws.

By disclosing personal information to Ingeno, you thereby warrant to Ingeno that you have obtained all the consents required for the use intended by Ingeno, and therefore, that you are authorized to disclose the same to Ingeno for the purposes required. In doing so, you also agree to hold Ingeno harmless as well as to take up the latter’s defence in connection with any recourse, complaint, or claim that a third party may assert against Ingeno in connection with the personal information that you have disclosed to the latter, including in particular information concerning your employees, subcontractors, customers and others.

9. Data security

Ingeno implements reasonable security measures to ensure the protection of the personal information it holds.

10. Privacy incident management and notification procedures

Any privacy incident is handled in accordance with the Privacy Incident Management Policy.

In compliance with the Act, Ingeno maintains a register of privacy incidents.

If the confidentiality incident presents a risk of serious harm to the persons concerned, Ingeno must notify them as soon as possible as well as the Commission d’accès à l’information.

11. Updating personal information

By disclosing personal information to us, you agree to notify us of any changes concerning such information. This notice may be sent to our Privacy Officer.

To ensure that we are able to conduct our business, we also take reasonable steps to ensure that your personal information is accurate, complete and up-to-date over time. We may ask you to update your personal information, contact details or preferences from time to time, and each publication, invitation and notice is provided with an option, either by link or in hard copy, for you to opt out of receiving them in the future.

12. Personal information rights and complaint handling process

Rights of access, rectification, withdrawal of consent and de-indexation

Subject to applicable laws and regulations, individuals who wish to consult, rectify or withdraw their consent or have their personal information contained in our files de-indexed may make a request in writing directly to our Privacy Officer at the following coordinates:

Privacy officer:

Stéphane Marcoux
Groupe Ingeno inc.
025-330, Rue Saint-Vallier E
Québec (Québec) G1K 9C5
Tel : +1 844-446-4366
legal@ingeno.ca

Subject to applicable legal and contractual restrictions, data subjects may request access to their personal information held by Ingeno and/or correction in the event that it is inaccurate, incomplete or equivocal. They may also demand that the dissemination of personal information concerning them cease or that any hyperlink attached to their name allowing access to this information by a technological means be de-indexed, when the dissemination of this information contravenes the law or a court order. Where permitted by law, they may demand that the hyperlink providing access to this information be re-indexed. Data subjects may also withdraw their consent to the communication or use of the information collected.

Our Privacy Officer shall respond in writing to any such request within thirty (30) days of receipt. Any response refusing the request must be reasoned and accompanied by the legal provisions justifying the refusal. In such event, the response must also indicate the remedies provided under the Act in such matters and the time limit for exercising them.

If you have any questions about the Policy, please contact our Privacy Officer, whose contact details are given above.

Complaint handling

Any person who wishes to make a complaint in application of the Policy or, more generally, concerning the protection of his or her personal information by Ingeno, must do so in writing to the Ingeno Privacy Officer, at the email address indicated above.

The individual will be asked to provide his or her name, contact information, including a telephone number, as well as the subject and reasons for his or her complaint, giving sufficient detail for the complaint to be evaluated by Ingeno. If the complaint formulated is not sufficiently precise, the Privacy Officer may request any additional information he or she deems necessary to be able to assess the complaint.

Ingeno undertakes to treat all complaints received confidentially.

Within 30 days following receipt of the complaint or following receipt of all additional information deemed necessary and required by Ingeno’s Privacy Officer in order to process it, the latter shall evaluate it and formulate a reasoned written response by email, to the complainant. The purpose of this assessment will be to determine whether Ingeno’s handling of personal information complies with the Policy, any other policies and practices in place within the organization and applicable legislation or regulations.

In the event that the complaint cannot be processed within this timeframe, the complainant must be informed of the reasons justifying any extension of time, the status of the processing of their complaint and the reasonable time required to be able to provide them with a definitive response.

Ingeno shall establish a separate file for each complaint addressed to it. Each file contains the complaint, the analysis and documentation supporting its assessment, and the response sent to the person who originated the complaint.

It is also possible to file a complaint with the Commission d’accès à l’information du Québec or any other privacy oversight body responsible for the application of the law concerned by the subject of the complaint.

However, Ingeno invites any interested person to first contact their privacy officer and to wait for the completion of the process handled by Ingeno before taking any further steps.

13. Approval

The Policy is approved by Ingeno’s Privacy Officer, whose contact details are as follows:

Stéphane Marcoux
Groupe Ingeno inc.
025-330, Rue Saint-Vallier E
Québec (Québec) G1K 9C5
Tel : +1 844-446-4366
legal@ingeno.ca

For all requests, questions or comments under the Policy, please contact the latter by email.

14. Sanctions

Ingeno personnel are required to comply with the Policy as well as any other guidelines, procedures or policies on the same subject. Any employee who fails to comply with these is subject to disciplinary action up to and including dismissal. If we are required to disclose personal information to third parties under the Policy, including consultants, service providers or others, we will take reasonable steps to ensure compliance with the Policy.

15. Publications and modifications

The Policy, including any modifications that may be made thereto is published on the Ingeno website, as well as on all websites controlled and maintained by Ingeno, which are subject to the Policy

Ingeno may modify or supplement this Policy at any time.

Updated: November 30, 2023