Policy regarding confidentiality and the protection of personal information concerning employees, candidates and website users

 

1. General purpose

(« Progitek ») with respect to the governance and confidentiality of personal information for its employees and for users of its website www.dentitek.ca (hereinafter « Website »).

It also aims to ensure the security and protection of personal information collected, held, used, communicated and retained by Progitek, against unauthorized consultation, use or disclosure thereof. It also aims to protect this information against any attack on its integrity.

 

In addition, the purpose of this policy is to determine the rules governing access to this information, its communication, use, retention and destruction, as well as rectification rights.

 

2. Foundation

Progitek is a private company subject to the Act respecting the protection of personal information in the private sector (R.S.Q. P-39.1), the Act to establish a legal framework for information technology (R.S.Q., c. C-1.1), the Civil Code of Québec (R.S.Q., 1991, c. 64) and the Personal Information Act (R.S.C. (1985), c. P-21).

 

Progitek is the legal entity registered under the Business Corporations Act, doing business from time to time under the name “Dentitek”. Dentitek is also a software solution developed by Progitek to simplify the management of dental clinics.

 

Progitek may collect personal information about its employees, applicants and website users through its website.

 

Progitek recognizes the importance of privacy, security and the protection of personal information. We are committed to respecting the provisions, values and fundamental principles established by all applicable legislation, including any updates.

 

Progitek implements reasonable physical, computer and technological security measures to ensure the confidentiality of personal information communicated to it in the course of its activities.

 

Despite the security measures taken by Progitek to keep personal information secure, there is uncertainty related to an illegal cyber-attack by a third party who could steal personal information without Progitek’s consent. No method of electronic collection, transmission or storage is 100% secure. We cannot guarantee that your personal information will not be accessed, obtained, disclosed, modified or destroyed as a result of a breach of our security measures described above. We therefore cannot guarantee the security of any personal information you provide to us, and you do so at your own risk.

 

3. Scope of application

This policy applies to all Progitek employees, agents, suppliers and partners who may have access to personal information in the performance of their duties.

 

4. Objectives

The purpose of this policy is to define the type of personal information Progitek collects and how Progitek protects that information.

 

It also specifies the standards for the collection, retention, use, communication and destruction of such information, as well as the rights of access and rectification of personal information by the company or by a third party, regardless of the nature of the medium or the form in which it is accessible: written, graphic, sound, visual, computerized or other.

 

5. Definition of personal information

Any information concerning a natural person that allows that person to be identified directly or indirectly and that is not public information within the meaning of the Act respecting the protection of personal information in the private sector. Such information may include first and last names, street address, e-mail address, social insurance number or telephone number.

 

5.1    General principles

 

Progitek takes appropriate security measures to protect personal information that is collected, used, disclosed, retained or destroyed in a manner that is reasonable given the sensitivity of the information, the purpose for which it is to be used, the amount, distribution and format of the information, including ensuring the following:

 

  • The integrity of the information, so that it is not destroyed or altered in any way, without authorization and in compliance with the applicable laws, and that the support for this information provides it with the desired stability and continuity;
  • Confidentiality of personal information, by limiting its disclosure to those authorized to receive it, either externally with the employee’s express consent, or internally when the information is necessary for the performance of the employee’s duties;
  • Identification and authentication, to confirm, when required, the identity of a person or the identification of a document or device;
  • Compliance with legal, regulatory or business requirements to which Progitek is subject.

 

6. Collection of personal information

Progitek collects personal information about its employees. Progitek also collects personal information from candidates (“Candidates“) who apply for employment with Progitek through its website and social media platforms. Progitek also collects personal information about users of its website and social media platforms.

 

In particular, Progitek may collect the following information: last name, first name, postal address, e-mail address, IP address, telephone number, bank details, date of birth, social insurance number.

 

7. Consent to collection

The collection of personal information by Progitek is carried out in full transparency and with the prior, free and informed consent of the employee, candidate or user of its website, which is obtained by means of one or more consent forms detailed in simple and clear terms. In the case of sensitive information, the consent received is express.

 

In compliance with applicable laws, when Progitek collects personal information, it requires the consent of the employee concerned, the candidate or the user of its website by disclosing in advance the purposes for which this information is collected and will be used.

 

Progitek will obtain new and separate consent before using personal information for purposes that are not compatible with those for which it was originally collected.

 

8. Collection mode

Personal information may be collected in person, by e-mail, through forms, telephone interviews, questionnaires, social networks, text messages or electronically via the website.

 

Progitek collects personal information from its employees, candidates or users of its website with their prior consent and provides the following information in plain language at the time of collection and thereafter upon request:

 

  • The name Progitek;
  • The purposes for which the information is collected;
  • The means by which information is collected;
  • The rights of access and rectification provided by law;
  • The right to withdraw consent to the disclosure or use of the information collected;
  • The name of the third party for whom the data is collected, if applicable;
  • The names of third parties to whom it will be necessary to communicate personal information;
  • The possibility that personal information may be disclosed outside Quebec.

 

Upon request, Progitek will inform employees, candidates and users of its website of the personal information collected from them, the categories of persons who have access to this information within the company, the length of time this information is kept, as well as the contact information of the person responsible for the protection of personal information.

 

9. Use

 

Progitek collects and retains the personal information of its employees, candidates and users of its website in order to :

  • For employees
    • Check their identity;
    • Communicate with them;
    • Process wages, withdrawals and other remuneration;
    • Produce personalized tax statements;
    • Administer various group plans (Employee benefits)
    • Monitor employee performance appraisals.
  • For candidates
    • Interview candidates;
    • Check their identity;
    • Communicate with them.
  • For website users
    • Improve, personalize and develop its website;
    • Develop new products and services;
    • Provide customer service on its website;
    • Provide updates and other information regarding its website;
    • Marketing and promotion;
    • Offer training;
    • Any other compatible purpose;
    • Profiling;
    • Assert your rights, where applicable.

 

Progitek uses the information collected and held only for the purposes for which consent was obtained. Thus, except with specific consent, Progitek does not communicate, sell, rent, give, exchange, share or disclose to third parties any personal information held.

 

This information is accessible only to Progitek employees, suppliers or agents who necessarily need it to perform their duties, and they are required to respect the confidentiality of this information.

 

10. Retention and security of personal information

All personal information collected, regardless of the medium, is kept in a secure environment against unauthorized access, disclosure, copying, use or modification, as well as against loss or theft. These security measures include, where applicable, the use of firewalls and secure servers, the deployment of appropriate access rights management systems and procedures, sufficient training of Progitek personnel who have access to personal information in the course of their duties, and other measures necessary to ensure appropriate protection of your personal information against unauthorized use or distribution. Progitek uses information technology to support its business processes in order to provide better service and appropriate security for the information it holds.

 

Progitek implements reasonable security and access management measures to ensure the confidentiality, integrity and availability of the personal and confidential information it holds, taking into account the sensitivity of the information, the risks to which it is exposed and the obligations to which Progitek is subject.

 

11. Disclosure of personal information to third parties

From time to time, Progitek may disclose to third parties aggregated or de-identified data that does not contain personal information or other personally identifiable information.

 

Progitek may also share personal information with third-party service providers that Progitek has engaged to perform services on its behalf, at our direction, such as advertising agencies, marketers, data processing and storage companies, or organizations that provide administrative and support services to Progitek.

 

Progitek requires the consent of its employees, candidates and users of its website before disclosing personal information concerning them to a third party, unless applicable laws authorize disclosure without such consent.

 

Progitek may, in the course of providing its services, communicate personal information, in compliance with applicable legal requirements, to its external suppliers located inside and outside Quebec. These suppliers include financial institutions, marketing firms, suppliers of administrative services, human resources, productivity solutions, payroll production, surveys and benefits management.

 

Progitek may also enter into service agreements with its external suppliers, in accordance with the law, in order to facilitate the communication of personal information between them and with other stakeholders.

 

Progitek and its suppliers may be required to provide personal information in response to court orders, administrative inquiries or other legal requirements.

 

In the event of a sale, buyout, acquisition or other restructuring of Progitek’s business, Progitek may disclose personal data, which may constitute personal information, to potential or existing purchasers and their advisors for the purposes of such transaction. Progitek will ensure that it complies with the requirements of applicable laws prior to any such disclosure.

 

potentiels ou existants et à leurs conseillers aux fins de ladite transaction. Progitek veillera à respecter les exigences des lois applicables avant toute communication.

 

12. Rights of access, rectification or withdrawal

Any person who so requests has a right of access to personal information concerning him or her that is held by Progitek, subject to exceptions provided for in applicable laws. Requests may be made via the Privacy Officer.

 

An individual may request that his or her personal information be corrected, rectified or destroyed, or that it no longer be used for the purposes for which it was collected, subject to compliance with various laws.

 

Any person concerned may also, at any time, withdraw his or her consent to the processing of his or her personal information by contacting the Privacy Officer. Such withdrawal of consent will be effective for the future only, upon receipt by Progitek. Upon receipt of the notice of withdrawal of consent, Progitek undertakes to cease all processing of the personal information in question and to proceed with its destruction, subject to any legal or regulatory obligation relating to its retention.

 

Progitek will also notify any person or entity to whom such personal information has been disclosed in accordance with the consent obtained so that such person or entity may also proceed to the cessation of the processing and destruction of such personal information, if applicable.

 

However, Progitek may not be able to meet its obligations in the event of a request for withdrawal of consent or early destruction. In this case, Progitek cannot be held responsible for any prejudice suffered by the person concerned.

 

13. Destruction

Personal information is retained only as long as necessary for the fulfillment of the purposes for which it was collected, and is then destroyed. Personal information may be retained beyond the fulfillment of the purposes for which it was collected if another retention period provided for by another law applies. It will be destroyed in accordance with applicable laws.

 

14. User responsibility

Any person who sends information to Progitek is responsible for its accuracy and for maintaining the confidentiality of his or her identification and authentication information (user code, access code, password, etc.). Progitek cannot be held responsible for any unauthorized use caused by such user.

 

Any person sending information to Progitek must also ensure that the system or equipment used to transmit or receive information from Progitek is sufficiently secure and exercise due care. Progitek cannot be held responsible for unauthorized access to information resulting from negligence or vulnerabilities in a user’s equipment or system.

 

In the event that the confidentiality of your information is compromised or your identity is stolen, you must notify Progitek as soon as possible by contacting the Privacy Officer identified below.

 

15. Confidentiality incidents and measures to be taken

A privacy incident involves the unauthorized access to personal information, the unauthorized use of personal information, the unauthorized disclosure of personal information, the loss of personal information or any other breach in the protection of personal information. In the event of a privacy incident, Progitek will take prompt action to minimize the risk of harm to the individual and to prevent similar incidents from occurring in the future. In the event of a risk of serious prejudice to the person concerned, Progitek will inform the latter as well as the Commission d’accès à l’information.

 

16. Keeping an incident register

Progitek keeps a record of all incidents of confidentiality to which it has been subject, even those that do not present a risk of serious harm to the individual.

 

Progitek will allow the Commission d’accès à l’information to consult this register and will provide a copy upon request.

 

17. Cookies and privacy settings

To be able to offer some of its services, Progitek, through its website, may also collect personal information using the following technologies:

 

  • Cookies: When a user visits our website, our website sends one or more cookies to the user’s computer, as well as cookies from related services such as Google Analytics, Google Adwords, Google Adsense, LinkedIn, Youtube or Facebook. These cookies contain identifying information that allows Progitek to know how users interact with the services, to target users with relevant offers, their browsing history on the site, as well as to summarize their experience of using the services.
  • Connection logs: Each time a user uses Progitek’s services through its website, the servers automatically record the connection information sent by the user’s browser when connecting to a website. These server logs may contain information such as the user’s Internet search, IP address, browser type and language, Internet service provider, date and time of connection, pages visited, one or more cookies identifying the user’s browser and number of clicks.

 

To the extent required, the information provided by a user as part of his/her use may be combined with information from other Progitek services or third parties, such as Google Analytics, Google Adwords, Google Adsense, LinkedIn, Youtube or Facebook, in order to improve the quality of the services. For certain services, the user may choose whether or not to allow this information to be combined.

 

A consent banner is automatically displayed on arrival at the website to enable the user to activate cookies. The effectiveness of certain services offered by the website may be affected if the user refuses to activate cookies.

 

Any person who provides personal information pursuant to this section consents to its use and disclosure for the purposes for which the information was collected.

 

18. Affiliated sites

Some of Progitek’s services are offered in connection with other websites. The personal information that a person communicates to these sites may be sent to Progitek so that the service can be provided. This information is processed in accordance with this policy. Affiliated sites may have different privacy practices, so Progitek recommends that you review their applicable policies and practices.

 

19. Links

Progitek may display links in a format that enables it to determine whether these links have been followed. This information is used to improve the quality of personalized content and ads.

 

20. Complaints management

Any person who wishes to file a complaint concerning Progitek’s collection, retention, use, disclosure, destruction or rights of access or rectification of his or her personal information must address it to Progitek’s Privacy Officer. The Privacy Officer will review the complaint and provide a response within 30 days of receipt.

 

21. Distribution of this policy

Progitek publishes this policy on its website and disseminates it by any means likely to reach the persons concerned. Progitek also publishes notice of any changes to this policy.

 

22. Privacy officer

Progitek is responsible for personal information under its control. Progitek appoints an individual to ensure compliance with the applicable legal framework for the protection of personal information. This person also ensures compliance with the normative framework (policies, directives, procedures and internal standards) established and implemented by Progitek in order to be able to demonstrate Progitek’s compliance with the various privacy laws applicable to its operations.

The President of Progitek, Mr. Éric Vézina, assumes the role of “Privacy Officer” and can be reached at the following address : evezina@progitek

 

Entry into force

 

This policy will come into effect on the day of its adoption by the Privacy Officer : May 1, 2024.