Privacy Policy
Kelvin Emtech Inc. respects the privacy of its website users. Kelvin Emtech does not collect personal information via its website. Nevertheless, if a user of its website voluntarily sends Kelvin Emtech personal information about him, Kelvin Emtech agrees to use it only for the purpose for which the information was transmitted, to protect its confidentiality for the duration of its retention, to destroy it securely when the purpose is fulfilled and that the retention periods provided by law or regulation have expired. Kelvin Emtech undertakes to respond to requests for access, rectification or deletion of personal information diligently and in accordance with legal requirements.
If you have any questions or concerns about Kelvin Emtech’s handling of personal information, please contact Kelvin Emtech’s Privacy Officer at renseignementspersonnels@kelvin-emtech.com.
This policy is periodically reviewed to ensure its accuracy and continued relevance. It was last revised on September 21, 2023.
1. Framework applicable to the retention and destruction of personal information
Kelvin Emtech only collects personal information if it has a valid reason to do so and the collection is limited to the information necessary to fulfill the intended purpose. A list of personal information collected is kept up to date and appropriate security measures are put in place to protect it during the retention period. Access to personal information is limited to those persons for whom such access is necessary for the performance of their duties. Kelvin Emtech is committed to complying with current legal and regulatory requirements regarding the retention period of personal information, which varies according to the type of information. Once the purpose for which the personal information was collected has been fulfilled, and the retention periods provided for by law or regulation have expired, the personal information is securely and permanently destroyed according to the established periodic destruction schedule. Kelvin Emtech ensures that its personnel are trained and made aware of good practices in the protection and secure destruction of personal information.
2. Roles and responsibilities of the Privacy Officer and staff members throughout the personal information life cycle
Roles and responsibilities of the Privacy Officer
The Privacy Officer plays a key role in the organization’s protection of personal information. His or her roles and responsibilities are as follows:
– Ensure Kelvin Emtech’s compliance with the Act respecting the protection of personal information in the private sector.
– Establish and implement privacy governance policies and practices.
– Ensure that the collection, use, disclosure, retention and destruction of personal information comply with the Act.
– Manage privacy incidents. Maintain a confidentiality incident log. Notify CAI and the persons concerned of a confidentiality incident that could result in serious harm.
– Ensure the completion and approval of Privacy Impact Assessments.
– Handle privacy complaints.
– Handle requests for access, rectification or deletion of personal information.
– Define the roles and responsibilities of company personnel throughout the personal information life cycle.
– Raise awareness and provide training on the protection of personal information.
– Be the point of contact for any questions or concerns about Kelvin Emtech’s handling of personal information.
Roles and responsibilities of Kelvin Emtech employees regarding the protection of personal information
Kelvin Emtech employees play a crucial role in protecting personal information. Here are their roles and responsibilities:
– Act in accordance with Kelvin Emtech’s policies, procedures and governance practices regarding the protection of personal information. Comply with the Act respecting the protection of personal information in the private sector.
– Attend training and awareness activities organized by Kelvin Emtech. Consult the reference documents at their disposal. Report any questions or requests for clarification without delay to the Privacy Officer.
– Immediately report the occurrence of a privacy incident to Kelvin Emtech’s Privacy Officer.
– Protect the confidentiality of personal information to which they have access in the course of their duties.
o Only collect personal information that is necessary for the purposes for which it was collected, and only use it for the purposes for which it was collected.
o Follow existing access security protocols.
o Avoid disclosing personal information to unauthorized third parties except as permitted or required by law.
o Destroy personal information securely when the purpose for which it was collected has been fulfilled and the retention periods provided for by law or regulation have expired.
3. Privacy Complaint Handling Process
Kelvin Emtech has established and implemented a policy for handling complaints relating to the protection of personal information. Complaints sent to the Privacy Officer are evaluated to determine their admissibility, nature and seriousness. Well-founded complaints are dealt with appropriately in order to resolve the situation at its source and prevent the recurrence of similar situations. Kelvin Emtech undertakes to protect the confidentiality of information relating to the complaint and to respect reasonable processing times.
4. Process for handling requests for access or correction of personal information
Kelvin Emtech has established and implemented a policy for handling requests for access or rectification of personal information. Requests of this nature sent to the Privacy Officer are evaluated to establish their admissibility. The applicant’s identity is verified to ensure the request is legitimate. Admissible requests are processed in compliance with any legal restrictions and within 30 days. Kelvin Emtech is committed to protecting the confidentiality of information relating to the request.
5. Process for handling requests to delete personal information
Kelvin Emtech has established and implemented a policy for handling requests for the deletion of personal information. Requests of this nature sent to the Privacy Officer are evaluated to establish their admissibility. The identity of the requester is verified to ensure the legitimacy of the request. Admissible requests are processed in compliance with any legal restrictions and within a reasonable timeframe. Kelvin Emtech undertakes to protect the confidentiality of information relating to the request.
6. Confidentiality incident management process
Kelvin Emtech has set up a confidentiality incident reporting process. As soon as Kelvin Emtech’s Privacy Officer is notified of a privacy incident, he or she will review the known information relating to the incident and assess the level of potential harm to the incident. If the privacy incident presents a risk of serious harm, notices will be sent to CAI and to the individuals concerned. A response plan is implemented, depending on the type of incident. Reasonable measures are taken to reduce the risk of harm being caused and to prevent further incidents of a similar nature. Each step of the incident management process is documented. Kelvin Emtech undertakes to respect reasonable processing times, which may vary according to the complexity of the incident and the resources required to resolve it.
This Privacy Policy was last modified on September 2023.