Privacy Policy
Kelvin Emtech Inc. respects the privacy of users of its website. Kelvin Emtech does not collect personal information through its website. However, if a user voluntarily provides personal information to Kelvin Emtech, the company commits to using it only for the purposes for which it was provided, protecting its confidentiality during the retention period, and securely destroying it once the intended purpose is fulfilled and the legally required retention period has expired. Kelvin Emtech also commits to responding promptly to requests for access, rectification, or deletion of personal information in compliance with legal requirements.
For any questions regarding the processing of personal information by Kelvin Emtech or to raise any concerns, please contact the company’s Privacy Officer at the following email address: renseignementspersonnels@kelvin-emtech.com.
This policy is periodically reviewed to ensure its accuracy and continued relevance. The last revision was conducted on September 21, 2023.
1. Applicable Rules for Retention and Destruction of Personal Information
Kelvin Emtech only collects personal information if there is a valid reason to do so and limits collection to what is necessary to achieve the intended purpose. A record of collected personal information is maintained, and appropriate security measures are in place to protect it during the retention period. Access to personal information is restricted to those who require it to perform their duties. Kelvin Emtech complies with legal and regulatory retention requirements, which vary based on the type of information. Once the purpose for collecting the data has been fulfilled and the legal retention period has expired, the data is securely and permanently destroyed according to the company’s scheduled destruction process.
Kelvin Emtech provides training and awareness programs for its staff on best practices for securing and properly disposing of personal information.
2. Roles and Responsibilities of the Privacy Officer and Staff Throughout the Personal Information Lifecycle
Roles and Responsibilities of the Privacy Officer
The Privacy Officer holds a key position within the organization regarding personal data protection. Their roles and responsibilities include:
- Ensuring Kelvin Emtech’s compliance with the Private Sector Privacy Act.
- Establishing and implementing governance policies and practices related to personal data protection.
- Ensuring that the collection, use, disclosure, retention, and destruction of personal information comply with the law.
- Managing confidentiality incidents and maintaining a registry of such incidents.
- Notifying the CAI (Commission d’accès à l’information) and affected individuals of confidentiality incidents that pose a risk of serious harm.
- Conducting and approving privacy impact assessments.
- Handling complaints related to personal information protection.
- Processing access, rectification, or deletion requests for personal information.
- Defining the roles and responsibilities of employees throughout the lifecycle of personal data.
- Raising awareness and training employees on data protection.
- Serving as the main contact for any inquiries regarding the handling of personal information.
Roles and Responsibilities of Kelvin Emtech Employees
Kelvin Emtech employees play a crucial role in protecting personal data. Their responsibilities include:
- Complying with Kelvin Emtech’s policies, procedures, and governance practices on data protection.
- Attending training and awareness programs.
- Consulting reference materials and seeking clarification from the Privacy Officer when needed.
- Immediately reporting any confidentiality incidents to the Privacy Officer.
- Safeguarding the confidentiality of personal information accessed during their duties.
- Collecting only the necessary personal data for the intended purpose.
- Using the data solely for its intended purpose.
- Following access security protocols.
- Avoiding unauthorized disclosure of personal information to third parties unless legally permitted or required.
- Securely destroying personal data once its purpose has been fulfilled and the legal retention period has expired.
3. Complaint Processing for Personal Data Protection
Kelvin Emtech has implemented a policy for handling complaints related to personal data protection. Complaints submitted to the Privacy Officer are assessed based on their validity, nature, and severity. If a complaint is found to be justified, appropriate measures will be taken to resolve the issue and prevent similar future occurrences.
Kelvin Emtech ensures the confidentiality of information related to complaints and adheres to reasonable processing timeframes.
4. Processing of Access and Rectification Requests for Personal Information
Kelvin Emtech has established a policy for handling access and rectification requests related to personal information. When such requests are received, the Privacy Officer evaluates their validity and verifies the identity of the requester to ensure the legitimacy of the request. Valid requests are processed while adhering to any applicable legal restrictions and within 30 days.
Kelvin Emtech ensures the confidentiality of information related to these requests.
5. Processing of Deletion Requests for Personal Information
Kelvin Emtech has established a policy for handling requests for the deletion of personal information. When such requests are received, the Privacy Officer evaluates their validity and verifies the identity of the requester. Valid requests are processed within a reasonable timeframe, ensuring compliance with legal requirements.
Kelvin Emtech ensures the confidentiality of information related to these requests.
6. Management of Confidentiality Incidents
Kelvin Emtech has implemented a confidentiality incident reporting procedure. Once the Privacy Officer is informed of an incident, they review the available information and assess the potential harm caused. If the incident poses a serious risk of harm, notifications will be sent to the appropriate authorities (IPE) and affected individuals.
An intervention plan is implemented based on the nature of the incident. Measures are taken to reduce risk and prevent similar future incidents. Each step of the incident management process is documented.
Kelvin Emtech commits to resolving confidentiality incidents within a reasonable timeframe, depending on the complexity of the issue and the resources required.
This privacy policy was last updated in September 2023.