POLICY FOR THE PROTECTION OF PERSONAL INFORMATION

Reviewed September 2023

 

1. Introduction

Insum undertakes to conduct its business in compliance with all applicable data protection laws and regulations, and in accordance with the standards of ethical behavior.

Insum is committed to protecting your privacy and your personal information. To ensure transparency, Insum adopted a “Policy for the Protection of Personal Information” regarding the personal information it collects, in compliance with the applicable regulations.

Definitions

Applicant”: Any person who applied for a position with Insum, or who has been contacted by Insum or a headhunting firm regarding a position.

 

Employee”: Any individual hired by Insum, regardless of their status.

HR” or “Human Resources”: Any department or member of a department involved in staff management, hiring, payroll, or relationships with organizations representing staff within Insum.

Personal Information” or “Personal Data”: Any information relating to an individual, so long as the individual can be identified either (i) directly with all the information held by Insum, or (ii) indirectly with all the available information regarding that individual, and depending on the technical means.

Person Concerned”: Individual to whom the Personal Information relates.

 

2. Who Is Responsible for the Protection of Personal Information?

Insum appointed an official responsible for the protection of Personal Information who ensures that the internal practices comply with the applicable regulations. For any questions regarding your privacy and Personal Information, contact our Director of Legal Affairs and Compliance: legal.americas@talan.com or 514-937 1188.

If, for any reason, you believe our response was unsatisfactory, you can file a complaint with the Commission d’accès à l’information du Québec, the privacy commissioner of your province, or the Office of the Privacy Commissioner of Canada.

 

3. What Data Is Being Collected?

We typically make sure that the Personal Information is collected in a lawful, transparent, and loyal manner. We undertake to inform any Person Concerned of the end of the data collection, to collect only Personal Information that is appropriate, relevant, and necessary to the purpose of the collection, and to retain Personal Information only as long as strictly required for the purpose of the collection.

The types of Personal Information we may collect include the following:

  • Identification data, such as last name, first name, telephone number, email address;
  • Applicant data, such as last name, first name, email address, telephone number, work experience, and any information you provide us with your application or résumé, or during interviews (skills, level of education, languages spoken, salary expectations, home address, leisure activities, etc., if you wish to apply for a position with the Insum Group);
  • Business data, such as last name, first name, duties, company affiliation, whether you are a supplier or service provider for Insum.

In the context of human resource management, Personal Information we may collect include the following:

  • Data on social insurance and immigration status;
  • Data on business transport and travel, such as an employee’s means of transportation for reimbursement of transport costs (transit fares, vehicle operating costs, etc.);
  • Data on training and career, such as résumé, degrees, training experience, work experience, cover letter, information provided by the applicant, summary of interviews, interview dates, work permit, foreign languages spoken;
  • Data on professional life, such as employment contract, date of hire, employee ID number, job title;
  • Financial data, such as withholding tax, salary level, posting of salary and other compensation elements, RRSP, banking account details;
  • Data on video surveillance, and access control (Insum implements video surveillance, and access control systems in its premises, which result in the collection of data such as video recordings, access information, and the moment at which the data was collected);
  • Any additional data that we need to collect to manage the employment relationship.

 

4. For What Purpose Is Your Data Being Collected?

Each Person Concerned is informed in a clear and precise manner of the intended purpose and aim of the collection.

(i) Customers – prospects – service providers: Your Personal Information is collected so that you can benefit from our service offerings, carry out our contracts, and attend our events.

In particular, the collection of your Personal Information aims to meet one or several of the following purposes:

Facilitate the administrative and commercial management and execution of contracts, and facilitate the execution of projects:

  • Respond to any question, contact request, or appointment request;
  • Develop our offerings based on services in which you may be interested, encourage you to attend our events and sign up to our blog, bearing in mind that you can, at any moment and at no expense, oppose to commercial prospecting by clicking the unsubscribe link included in each email or by contacting us via the reference information found in Section 2;
  • Keep our customer files up to date to constantly meet your expectations.

(ii) Applicants: Application management (automatic or manual résumé screening), classification and rating of applicants.

(iii) Employees: Your Personal Information is collected for one or several of the following purposes.

 

  • Management of the employment relationship (administration of compensation, payroll, and other standard employment duties)
  • Administration of HR processes, including performance and absence management, disciplinary matters, and complaints
  • Security management
  • Provision of computer equipment
  • Compliance with the applicable regulations (obligations relating to maternity leave, work schedules, compensation, salary and benefits payable in accordance with the employment contract, annual wage increase and any other salary adjustment, etc.)
  • Compilation of statistics, and conduct of surveys and research in order to generate internal and statutory reports
  • Fulfilment of our responsibilities in accordance with the legislation on equality, immigration, and public safety

 

5. For How Long Will Your Data Be Kept?

Insum will retain your Personal Information as long as necessary for the purposes for which they have been collected, and in accordance with the applicable legislation. Thus, the retention period of your Personal Information depends on the end of the collection of your Personal Information.

To determine the retention period of your Personal Information, we use the following criteria.

  • If cookies are being used, we determine their lifetime by following the limit established by the competent authority, i.e., thirteen (13) months.
  • When we retain some of your Personal Information to comply with a legal or regulatory obligation, and for us to exercise our rights, we retain your data where necessary for the period indicated in the reference legal text (for instance, the limitation period or legal retention period).
  • In the context of an application, your résumé and the information you will have entered during the hiring process will be retained during two (2) years after your last contact with Insum, unless you oppose it. Only your explicit agreement enables a longer retention period.
  • The data you have entered in the contact form will be retained as long as necessary to respond to your request.
  • Your employee profile and HR file will be retained by the Insum Group until the end of your employment contract, some of your Personal Information being archived for a longer period than what the law prescribes, or for the exercise or advocacy of legal rights (for instance, a limitation period during which someone could resort to court action).

 

6. What Are Your Rights as a Person Concerned, and How to Exercise Them?

Depending on how your Personal Information is processed, you could have the following rights.

  • Right of access
    The right to obtain confirmation from our end about whether Personal Information about you is being processed. Where appropriate, you can access your Personal Information and obtain other information such as the end of the collection period, and the categories of Personal Data concerned.
  • Right to rectification

The right to obtain rectification of inaccurate Personal Information about you.

  • Right to erasure (or right to oblivion)

The right to obtain erasure of your Personal Information, insofar as one of the reasons justifying the exercise of this right applies.

  • Right to data portability

The right to receive your Personal Information in a structured format, commonly used and machine readable, and the right to send that information to a third party with no objection from our end.

  • Right to opposition
    The right to be able, for example, to prohibit us from using your Personal Information for direct marketing purposes.

The right to establish guidelines for the processing of your Personal Information after your death.

To exercise these rights, you can contact us via legal.americas@talan.ca.

In order for us to process your request in a satisfactory manner, you will need to prove your identity by any means. For the avoidance of doubt on our behalf, we can ask you for additional information, including the transmission of a copy of a personal identification document, signed by you.

We will do our best to respond to your needs. Whatever our response, we will send it to you within a one-month period, but our response time can be extended by an additional two-month period depending on the complexity and number of requests.

 

7. Who Can Access Your Personal Information?

Authorized individuals within Insum and, in some circumstances, our subcontractors can access your Personal Information. We make every effort to make sure the number of these individuals remains as low as possible, and we preserve the confidentiality and security of your Personal Information. These authorized individuals, subcontractors and third-party recipients may be located outside Quebec.

To that extent, we only give them the information they need to provide their services and ask them not to use your Personal Information for other purposes. We make every effort to ensure that the trusted providers with whom we conduct business preserve the confidentiality and security of your Personal Information. We also make sure that when a business relationship with a provider comes to an end, that provider deletes your Personal Data without delay.

We carefully select our trusted providers by ensuring they offer sufficient guarantees, particularly in terms of expertise, reliability, and resources, to implement the technical and organizational measures that can meet the requirements of the applicable legislation, most notably in regard to processing security. In this respect, we make sure that our trusted providers process Personal Information exclusively according to our documented instructions. We also ensure that their staff members are committed to respecting your privacy or abide by an appropriate legal obligation in regard to confidentiality.

Internally, your Personal Information can only be accessed by the HR department, or any other department on a strict need-to-know basis. The access is strictly controlled by our data protection officer to ensure the Group’s compliance with the applicable laws.

 

8. Which Security Measures Have We Implemented in Regard to Your Personal Information?

Insum implemented appropriate technical and organizational measures in respect to the type of data and risk to preserve the security and confidentiality of your Personal Information, and in particular to prevent unauthorized third parties to access them.

These measures can notably include practices such as limited access by staff members of departments authorized by virtue of their duties, contractual performance guarantees in the event of recourse to external providers, privacy impact assessments, regular reviews of our privacy practices and policies, and/or physical and/or logical security measures (secured access, authentication procedures, backup copies, antivirus software, firewalls, etc.).

 

9. Cookies

Cookies are small text files stored on your computer or device when you browse the internet. Cookies can be used to collect, store and share information about your online activity, and the websites and web services you use.

When browsing the internet, you can authorize or reject the storage of cookies on your computer. If you choose not to use cookies, you may miss out on certain features of our site.

Our websites use the Google Analytics metric tool to collect traffic and statistical data. This data is anonymized to comply with the current regulations for the protection of Personal Information.

You can set up cookies directly from your browser and either choose the systematic refusal of cookies or their authorization on a case-by-case basis.

 

10. Links to Third-Party Sites – Social Networks

The Insum website may contain links to social networking platforms managed by individuals or organizations on which Insum has no control.

We invite you to review the applicable policy regarding the protection of Personal Information on each third-party website you access through our website in order to assess how your Personal Information will be used.