Privacy and Protection of Personal Information Policy

  1. SCOPE AND APPLICATION

Fondaction Asset Management (“FAM”) is committed to protecting the privacy of individuals and the confidentiality of personal information that it collects, holds, uses or communicates. The purpose of this Privacy and Protection of Personal Information Policy (the “Policy”) is, among other things, to describe in general terms the practices and measures relating to the manner in which personal information is collected, held, used, communicated or otherwise processed or deleted. It specifies how FAM safeguards the confidentiality of the personal information it holds and the means available to individuals who wish to exercise their rights and choices with respect to their personal information.

The Policy is governed by the Act respecting the protection of personal information in the private sector (Chapter P-39.1) and is supplemented by the Legal Notice – Terms of Use of FAM’s website and by FAM’s Politique de gestion et sécurité de l’information (Information Management and Security Policy).

The Policy applies to all FAM activities. As such, it applies in particular to any individual who is
or has been: a user of its website, a job applicant, an employee, a director or a committee
member. It also applies with respect to personal information collected in the course of its
activities on contacts or third parties, or shared with it by a partner entity whose products,
services or activities are related or complementary to those of FAM.

In some cases, at the time of collection of personal information, FAM may provide additional
information regarding the processing of personal information or stipulate specific terms and
conditions. FAM may also, in some circumstances, obtain specific verbal or written consent to
the use or communication of personal information, including where required by law.

  1. NOTION OF “PERSONAL INFORMATION”

The term “personal information” generally means information concerning a natural person and
allowing, directly or indirectly, that person to be identified. Anonymized information that cannot
be associated with an identifiable individual, either directly or indirectly, does not constitute
personal information. In accordance with the law, for the purposes of certain passages of the
Policy, information that relates to the exercise of a function within a company, such as certain
business contact details, is also excluded.

  1. CATEGORIES OF PERSONAL INFORMATION COLLECTED

FAM limits the collection of personal information to what is reasonably required to fulfill the purposes for which it was collected.FAM may collect, hold, use or communicate various information depending on the nature of an individual’s relationship with FAM, for example, a shareholder, a website user or an employee, including, but not limited to:

  • Identification and authentication information, such as name, postal address, social insurance number, date of birth, designation of sex, phone number, email address, employer, occupation, employee number, marital status, signatures (handwritten, electronic or digital), passwords and other authentication methods, and government identifiers such as driver’s license number.
  • Web or other activity information, such as browser type, Internet service provider, referring/exit pages or pages viewed on the website.
  1. COLLECTION OF PERSONAL INFORMATION

FAM collects personal information in a variety of ways, including directly from the individual concerned, from third parties and through its website, or otherwise, including where permitted bylaw. FAM can also generate new information using information already collected.FAM may, but is not limited to, collecting personal information from the following general sources:

a. Directly from the individual
FAM may collect personal information directly from the person concerned or their legal representative, namely in the course of employment, duties or functions with FAM.

b. From third parties

In some circumstances, FAM may collect personal information from third parties, such as a former employer, a financial institution, an information agency, a credit reporting agency, a partner entity whose products, services or activities are related or complementary to those of FAM, a service provider, a public agency, a legal representative, etc.Each third party is responsible for ensuring and guaranteeing that they are authorized to provideFAM with such information and have obtained the free and informed consent of the person concerned for the collection, use and communication of their personal information when required by law.

c. Through its website

The use of the website allows FAM to automatically compile certain information concerning a user profile, which may include the Internet protocol address (or IP address) of a computer, a geolocation zone, the operating system used, the name of the Internet service provider, the date and time a person accessed the website, the previous website visited insofar as it provided a link to the FAM website, as well as the content viewed and downloaded on the FAM website. To this end, the FAM website, like most websites, uses tracking cookies, which are small data files that are stored on a computer when it is visited. Use of the website is also subject to the LegalNotice – Terms of Use and other conditions posted online from time to time.

  1. USE OF PERSONAL INFORMATION

With the consent of the person concerned, or as permitted or required by law, FAM may use personal information for the following purposes or for any other compatible or reasonable purposes, or for any other purposes specified in a consent.FAM may use personal information for its general purposes, such as:

Providing or delivering products and services or handling requests

  • Establishing and maintaining a business relationship;
  • Answering any questions, comments, suggestions or complaints;
  • Providing information on products and services that may be of interest;
  • Transferring money to or from a financial institution.

Managing business operations

  • Preventing errors and fraud and meeting legal requirements;
  • Ensuring information, system or network security;
  • Investigating or assisting with investigations;
  • Informing the competent authorities and collaborating with them when required;
  • Collecting amounts due;
  • Responding to audits, evaluations, requests or legal requirements.

Managing the website

  • The website may use information to manage and facilitate its use, which may include tracking cookies and other technologies to tailor the website to preferences and to compile statistics about its consultation and use in order to improve it, such as analysis tools like Google Analytics and similar technologies. Statistics may include the number of visits, the average time of each visit and the pages visited.

Managing the file of an employee, a committee member, a director or certain consultants

  • Verifying identity, background and, in some cases, diplomas obtained;
  • Responding to applications and communicating with the applicant, the incumbent or a former incumbent;
  • Evaluating an application;
  • Entering into an employment contract or any other contract;
  • Processing payrolls, deductions and applicable contributions, and paying all sums due;
  • Completing enrolment in a group insurance or pension plan;
  • Managing performance or professional development;
  • Ensuring health and safety compliance, monitoring, preventing violence, handlingcomplaints or managing administrative, disciplinary or legal measures.

Management mandates

  • Conducting a background check;
  • Performing due diligence;
  • Appointing or recommending the appointment of a director, an officer or a committee member.
  1. COMMUNICATION TO OTHER INDIVIDUALS OR ORGANIZATIONS

FAM may communicate information to its mandataries, service providers, subsidiaries or other entities of the same group, to FAM representatives, to partner entities whose products, services or activities are related or complementary to those of FAM, and to other individuals or organizations in accordance with the law. Service providers who may receive personal information include, but are not limited to: consulting companies; human resources management companies; training companies; account and tax statement preparation companies; postal and courier companies; scanning companies; document storage companies; cloud or other data storage providers; software suppliers or IT maintenance and consulting services.

When FAM communicates personal information to third parties such as agents or service providers, it stipulates by contract, in accordance with the law, that the personal information communicated must be used only for the purposes of fulfilling the contract and that it must benefit from reasonable protection measures, taking into account, for example, its sensitivity, use or quantity. Such third parties may be required to provide reasonable assurance that their information security and data protection controls are adequate for this purpose.

In addition, FAM may communicate personal information where permitted or required by law, for example:

  • With governments; governmental bodies or agencies; or law enforcement agencieswhen required by law – as in the case of communication for tax purposes to the CanadaRevenue Agency or to Revenu Québec, or in securities matters to the Autorité desmarchés financiers.
  • With individuals; organizations; fraud prevention agencies; regulatory or governmental bodies or agencies; money laundering and terrorist financing prevention and deterrence organizations such as the Financial Transactions and Reports Analysis Centre ofCanada (FINTRAC); database or registry operators used to cross-check information provided against existing information; insurers, financial institutions or lending institutions to validate eligibility or to detect or eliminate financial abuse, fraud and criminal activity, to protect FAM’s assets and interests, to assist in internal and external investigations of potentially illegal or suspicious activities, or to manage, defend against or settle actual or potential losses related to any of the foregoing. For these purposes, personal information may be grouped together with data belonging to other individuals, and may be subject to data analysis.

In all cases, FAM does not sell the personal information entrusted to it in the course of its activities.

  1. CHOICES REGARDING THE USE OF PERSONAL INFORMATION

An individual may, in some cases, choose how FAM handles their personal information.

a. Recommendations or consultations

In some circumstances, FAM may collect, use and communicate personal information from a person concerned in a context that is not strictly necessary for processing an application submitted to FAM. Insofar as personal information collected for these purposes is not strictly necessary to process an application, FAM will seek separate and optional consent for these elements, except in cases where implicit consent applies, for example, when a person shares comments on an FAM digital platform.An individual may always choose to withdraw their consent to the collection, use and communication of personal information for these purposes by following the terms and conditions that will be shared with them from time to time to this effect.

b. Changing browser settings on a device

It is possible to erase tracking cookies from the hard drive of a computer or mobile device, to block the creation of tracking cookies or to receive a warning before a tracking cookie is stored.An individual can remove or disable some of these technologies at any time through their browser. If someone wishes to deactivate Google Analytics, they can use the Google deactivation add-on located at https://tools.google.com/dlpage/gaoptout. However, in the event of removal or deactivation of some of these technologies, some of the features of the website and digital platforms may no longer be functional or accessible.Users are invited to refer to their browser instructions or help screen to find out how to block, delete and manage tracking cookies on their computer or mobile device.

c. Restriction on the collection, use and communication of personal information

For situations other than those described above, any individual may withdraw their consent to the collection, use and communication of personal information in accordance with the Policy at any time upon reasonable notice to FAM in writing, subject to legal or contractual restrictions.

However, the withdrawal of consent may affect FAM’s ability to offer or provide products and services to an individual or to respond to an application. In some circumstances, legal or contractual requirements may prevent a person from withdrawing consent, for example, to the extent that information is required to satisfy tax or compliance obligations.

  1. PERSONAL INFORMATION SAFEGUARDS

FAM’s Politique de gestion et sécurité de l’information (Information Management and SecurityPolicy), available on the FAM website, and various other directives, procedures and instructions govern the protection of personal information at FAM.

Without limiting the scope of the foregoing, FAM, in collaboration with its main service provider, takes reasonable measures to ensure the confidentiality of personal information and, as such, implements a series of security measures to protect personal information against loss or theft, as well as against any unauthorized consultation, communication, reproduction, use or modification. These security measures include physical measures (e.g. office access cards for employees, data backup and archiving using an external system, etc.), administrative or organizational measures (such as data confidentiality and data security training for employees)and technological measures (such as the use of passwords, firewalls, data encryption, SSL protocol, network monitoring, etc.) that are reasonable given the sensitivity of the information, its use, quantity, distribution and medium.

FAM also takes the necessary steps to ensure that all its employees are informed about the content of this Policy and its protection of personal information practices, and deploys identity and computer access management initiatives to determine which employees or other authorized individuals may access information assets and for what period of time.However, as no mechanism offers flawless security, a degree of risk is inevitable.

Depending on the volume and sensitivity of the information, the purposes for which it is to be used and the medium on which it is stored, FAM implements a combination of safeguards to protect personal information, including:

  • Appointment of a person in charge of the protection of personal information who assumes the roles and responsibilities set out in the Act respecting the protection of personal information in the private sector and who ensures, among other things, thatFAM complies with applicable protection of personal information legislation;
  • Procedures for receiving, investigating and responding to complaints or requests regarding FAM’s information handling practices, including those related to any incident involving personal information;
  • Contractual measures, security questionnaires and other tools to ensure that suppliers with whom FAM shares personal information have adequate security measures in place.
  1. STORAGE OF PERSONAL INFORMATION

FAM retains personal information to provide products or services or to respond to applications submitted, to manage its business activities, including, in particular, for the performance of a contract or for any other legitimate interest of FAM or to comply with its legal obligations. Once the purposes for which the personal information was collected or used have been fulfilled, and subject to preservation periods set out in other legislation, the Act respecting the protection of personal information in the private sector stipulates that this information must be destroyed or anonymized, so that it can no longer identify an individual, in a secure and irreversible manner.

  1. TRANSFERS OF PERSONAL INFORMATION OUTSIDE QUÉBEC

Generally speaking, personal information is held (data at rest) in Canada, whether in Québec orin another province. Notwithstanding the foregoing, it may also be held in any country where FAM’s service providers operate and to the extent necessary for their functions or services.

As a result, some FAM suppliers may access, use or store personal information outsideQuébec. In such a situation, the safeguards described in Section 8 apply, but the fact remains that personal information so communicated may be subject to the laws of a foreign state, including any laws allowing or requiring communication of the information to governments, government agencies, courts and law enforcement agencies of that state.

  1. REQUEST FOR ACCESS, RECTIFICATION, MODIFICATION OR DELETION,OR COMPLAINT RELATING TO PERSONAL INFORMATION

Subject to certain legal exceptions, any individual may have access to personal information concerning them, request the rectification of inaccurate information and request the correction or deletion of their personal information if its collection, use, communication or retention is not authorized by law. Any individual may also file a complaint regarding the protection of personal information.

To exercise any other right provided for in this section, any individual is invited to communicate with FAM using the contact information provided in Section 13.

The person concerned may be charged a reasonable fee for the transcription, reproduction or transmission of information. Should FAM intend to charge such fees, it will inform the person concerned of the approximate amount due before proceeding.

  1. CHANGES TO THE POLICY

FAM may amend the Policy at its sole discretion. Any changes are effective when they are posted on its website. In accordance with the law, additional terms and conditions may apply. By continuing to interact with FAM after the new version of the Policy has been posted, any individual will be deemed to have accepted the changes to the Policy, subject to any additional requirements that may apply. Each individual is responsible for ensuring that they have read and understood the Policy and any amendments thereto.

  1. CONTACT INFORMATION

General questions about privacy and the protection of personal information can be submitted as indicated below:

  • by phone: 514-525-5505 or toll-free 1-800-253-6665;
  • by mail: 2175 De Maisonneuve Boulevard East, suite 103, Montréal, Québec H2K 4S3.

All requests for access, rectification, modification or deletion and all complaints must be submitted in writing to the person in charge of the protection of personal information as indicated below:

  • by email: confidentialite@fondaction.com;
  • by mail: 2175 De Maisonneuve Boulevard East, suite 103, Montréal, Québec H2K 4S3.

The person in charge of the protection of personal information shall respond promptly to any request submitted to them, generally within thirty (30) days of receiving the written request. If the person in charge is unable to respond, in whole or in part, to a request made to them, they will inform the applicant of the reason.

  1. PERSON IN CHARGE AND REVIEW

In accordance with the provisions of the Act respecting the protection of personal information in the private sector (as amended by An Act to modernize legislative provisions as regards the protection of personal information), the Policy has also been approved by the person in charge of the protection of personal information at FAM. The application and revision of the Policy are under their responsibility. The minimum revision frequency is every three (3) years, or more often if necessary

Follow our news on LinkedIn

Follow us on LinkedIn
NewsContactEn

Find Us

© 2024 Fondaction Asset Management. All rights reserved
Legal noticeConfidentialityPrivacy