Policy on the protection of personal and confidential information
Humance is committed to respecting your privacy and protecting your personal information.
In the course of using its services, Humance is likely to collect personal information and you are likely to communicate such information.
The purpose of this policy is to explain the following to users of the services offered by Humance:
- How their personal data is collected and processed
- What rights they have to their data
- Who is responsible for processing the personal data collected and processed
- To whom this data is transmitted
2. Applicable laws
In the course of using its services, Humance may collect personal information, and you may disclose such information. The collection, use, communication and retention of your personal information are subject to the Loi sur la Protection des Renseignements Personnels dans le secteur Privé (RLRQ, c. P-39.1).
At the same time, the personal information of a European resident will be processed in accordance with the European Union’s General Data Protection Regulation (GDPR).
3. Personal information
Any information that relates to a person and allows that person to be identified is considered personal information. Your personal information may include, but is not limited to, your first and last name, date of birth, residential address, telephone numbers, gender, e-mail address, information about your family situation, information you enter when you create a profile to join one of our services, your lifestyle or your health.
However, personal information does not include information concerning a person’s position within an organization, such as name, title and position, as well as work address, e-mail address and telephone number.
4. Our commitment
We have established and implemented internal policies and procedures to adequately protect personal information in our possession, regardless of the medium or form in which it is held. We review them on a regular basis.
We make our staff aware of the importance of protecting personal information by requiring them to undergo training on the subject and by issuing occasional directives outlining their role and obligations in this regard.
5. Information gathering objectives
In the course of our activities, we collect your personal and confidential information solely to enable us to provide you with the requested services in an appropriate and personalized manner. In all cases, the disclosure of your personal and confidential information will be subject to obligations to maintain confidentiality and comply with applicable laws.
Subject to the exceptions and requirements of applicable laws, we will not communicate or disclose your personal information to any third parties without your consent.
By using our services, you consent to the collection, use and disclosure of your personal and confidential information in accordance with this policy. The form of consent may vary depending on the context or the service requested.
Among other things, your consent will be requested:
- By a person representing our general management for contractual purposes
- By a representative of our human resources department
- By a representative of one of the services you wish to join
- By the main service provider in cases where Humance acts as a subcontractor
You may withdraw your consent at any time, subject to certain legal or contractual restrictions.
In certain limited circumstances, we may collect, use or disclose personal information without your knowledge or consent. Such circumstances may arise, for example, when, for legal, medical or security reasons, it is impossible or unlikely to obtain your consent, or when the information is required to investigate a possible breach of contract, to prevent or detect fraud, or to enforce the law.
Before disclosing personal information about another person to us, you must obtain that person’s consent to the disclosure and processing of that personal information under the terms of this policy.
6.1 Personal information concerning a minor
Personal information concerning minors under 14 years of age will not be collected from them without the consent of the parent or guardian.
7. Limits on collection, use and disclosure
We limit the collection, use and disclosure of your personal information to the purposes we have identified to you. Personal information is accessible to any person entitled to receive it within Humance when this information is necessary for the performance of their duties.
If you submit personal information to one of our websites for publication, we will publish it and may use the information in accordance with the permissions you grant us.
We may use the personal information we collect for the following purposes, among others:
- To provide the requested service
- To confirm your identity and respond to your requests for information
- To improve our service offering
- To operate and improve the website and our solutions while understanding usage patterns
- To provide any other complementary service associated with the requested service
- To meet legal and regulatory requirements
- To control the quality of customer service and prevent errors and fraud
We may disclose your personal information to any of our staff, professional advisers, suppliers, or sub-contractors or subsidiaries to the extent reasonably necessary to provide the services requested and for the purposes set out in this policy.
As a general rule, we do not disclose your personal information. Occasionally, we may share your personal information with certain suppliers or agents in order to provide the services you have requested. In all cases, we comply with the restrictions and requirements set out in the Act when we disclose your personal information and, in certain circumstances, this is subject to a written agreement and a security assessment demonstrating that your personal information benefits from adequate protection similar to that in place within Humance.
We do not sell your personal information to third parties.
7.4 Impact assessment
A Privacy Impact Assessment (PIA) on the use of personal information by our services and/or systems is conducted before any personal information is collected by Humance. When transfers are made outside Quebec, the impact of such a transfer will also be assessed.
7.5 International data transfers
The information we collect may be stored, processed and transferred in all countries in which Humance and its subcontractors offer their services, in order to enable us to use the information in accordance with this policy.
The information we collect may be transferred to or processed in the following countries: the United States of America and certain countries of the European Union.
Personal information that you publish on our website or submit for publication may be available worldwide via the Internet. We cannot prevent the use, good or bad, of this information by third parties.
You expressly agree to the transfer of personal information as described in this section.
8. Non-personal information
We automatically collect certain non-personal information using a third-party analytics program such as Google Analytics to help us understand how our visitors use our web services, but none of this information identifies you personally. The following information may be collected, stored and used:
- Information about your computer, including your IP address, geographical location, browser type and version, and operating system
- Information about your visits to and use of our Web sites, including the referring source, length of visit, pages viewed and Web site navigation paths
- Information generated when you use our site, including when, how often and under what circumstances you use it
9.1 Cookies we use on our websites
- Technical or functional cookies: Some cookies ensure that certain parts of a website function correctly and that your preferences as a user are taken into account. Setting functional cookies makes it easier for you to visit our websites. For example, you may not need to repeatedly enter the same information when visiting our websites, since this information is saved in a cookie.
- Statistical cookies: Statistical cookies are sometimes used to optimize the user experience on our websites. With these statistical cookies, we can obtain information about the use of our websites.
- Marketing/tracking cookies: Marketing/tracking cookies are cookies or other forms of local storage used to create user profiles in order to display advertising or to track the individual on one or more of our websites for similar marketing purposes.
9.2 Cookies used by our service providers
9.3 Cookie management
10. Retention of information
When your personal information is no longer required, it is destroyed in accordance with the Act and our records retention policy. In certain circumstances, we may anonymize the personal information we retain.
Your personal and confidential information is retained, directly or through subcontractors, only as long as necessary for the provision of the requested services and to meet applicable legal and regulatory requirements. We require our subcontractors to subscribe to confidentiality commitments and to apply policies equivalent to this one. In all cases, access to your personal and confidential information is restricted to those persons for whom access is necessary for the performance of their duties.
We are responsible for personal information in our possession or custody, including information we entrust to third parties for the purpose of providing you with the requested service. We require these third parties to maintain this information under strict confidentiality and security standards.
Our staff is informed and properly trained on privacy policies and practices.
12. Information security measures
We have implemented a number of information security measures with respect to the personal information and confidential data we hold in order to protect such information against loss or theft and to prevent unauthorized access, transmission, use or modification of such personal information, including the following subsections:
12.1 Privacy Impact Assessment
Humance performs a Privacy Impact Assessment (PIA) on any project involving the acquisition, development or redesign of an information system or the electronic delivery of services that involves the collection, use, disclosure, retention or destruction of personal information. This assessment documents the serious and legitimate interest in the use of personal information.
12.2 Secure computing environments
Infrastructure and equipment are hosted in a secure environment in a data center located in Quebec, Canada. In cases where it is impossible to host a solution or service in Quebec, we ensure that security measures equivalent or superior to those required by this Policy are put in place.
Access to Humance web services is via a secure SSL (HTTPS) transmission channel.
12.3 Access management
Only those members of our staff whose duties require it have access to personal or confidential information. Data access is logged and monitored.
12.4 Training and awareness-raising
Our staff and partners are trained and made aware of the importance of protecting your personal information.
12.5 Commitment to confidentiality
Our staff members sign a confidentiality agreement.
Security audits are carried out by firms specializing in information security.
Humance ensures the physical and technological security of the personal information it holds in order to prevent accidental destruction, loss, disclosure or inappropriate destruction.
We retain your personal information only as long as necessary for the purposes for which it was collected. We must destroy or anonymize such information in accordance with the Act and our retention schedule. When we destroy or anonymize your personal information, we take the necessary steps to ensure its confidentiality and that no unauthorized person has access to it during the destruction or anonymization process.
12.7 Managing incidents involving personal information
If Humance has reason to believe that a confidentiality incident involving personal information has occurred and that there is a risk of serious harm caused by the incident, Humance will, with due diligence, inform the Commission d’accès à l’information and any person whose personal information is affected by the incident. Humance may also notify any person or organization that may be able to mitigate this risk, by communicating only the personal information required for this purpose without the consent of the person concerned. In all cases, a log will document the incident for reference purposes.
13. User rights
13.1 Request for access, withdrawal or correction
Subject to any regulatory or contractual restrictions, you may consult, correct or destroy the personal information we hold about you.
We will send you such information within a maximum of 30 days from the date of receipt of the written request and in a structured, commonly used technological format. A fee may be charged for processing your request.
Under certain circumstances, we may refuse to provide you with the information you have requested. Exceptions to your right of access include the fact that information cannot be disclosed for legal or security reasons. These limitations are described in the Loi sur la Protection des Renseignements Personnels dans le secteur Privé (RLRQ, c. P-39.1).
You may verify the accuracy and completeness of your personal information and, if necessary, request that it be amended. Any request for amendment will be processed in accordance with the Act.
However, members and candidates are obliged to keep their information up to date in accordance with the Professional Code.
13.2 Data portability
Users have the right to request the portability of their personal data held by Humance to another site.
13.3 Limiting and objecting to data processing
The user has the right to request that Humance restrict or object to the processing of their data, and Humance may not refuse this request unless it can demonstrate the existence of legitimate and compelling reasons, which may override the interests and rights and freedoms of the user.
13.4 Decision based exclusively on an automated process
The user has the right not to be subject to a decision based exclusively on an automated process if the decision produces legal effects concerning them, or significantly affects them in a similar way.
14. Inquiries, complaints and questions
We are committed to responding to your questions and concerns regarding the protection of your personal information. If you are not satisfied with the response, you may contact the Privacy Officer at the address below.
Any request or complaint concerning the protection of personal information should be sent to the Privacy Officer at the address below:
Suite 300, Longueuil
If Humance’s Privacy Officer decides not to respond to a User’s request, and the User wishes to contest this decision, or if the User believes that one of their rights has been infringed, they have the right to contact the Commission d’accès à l’information du Québec.
15. Revision and approval
This Policy comes into effect upon adoption by the Access to Information and Privacy Committee and may be revised at any time by the Privacy Officer.
Changes may be proposed by various Humance stakeholders, which must be submitted in writing to the Access and Privacy Officer.
Humance reserves the right to modify this policy at any time. Any changes will be posted on Humance’s various web platforms. Your use of the Services following the posting of changes to the Policy constitutes acceptance of those changes.
This Policy should be reviewed at least every two years to ensure its relevance to Humance’s mission, the activities of its users and any substantial changes in legislation or regulatory requirements.
16. Effective date
This Policy takes effect on September 22, 2023. It cancels and replaces all previous guidelines on this subject.