Privacy Policy
Droit Criminel’s Personal Information Protection Policy
At Droit Criminel, we strongly believe in the importance of protecting the personal information of our clients, employees, applicants, and suppliers (hereinafter referred to as “you” or “your”). We are deeply committed to safeguarding confidential information and respecting your privacy. We are subject to the Act respecting the protection of personal information in the private sector (referred to as “Law 25”). As such, we undertake to take all possible and reasonable measures to maintain the confidentiality of the personal information we collect in the course of our activities, while providing a framework that facilitates communication with our clients, employees, and suppliers.
In addition to complying with the requirements of Law 25, we are also bound by the Code of Ethics of Chartered Professional Accountants (“CPA”), which imposes very strict confidentiality standards, including professional secrecy.
In addition to complying with the requirements of Law 25, we are also bound by the Code of Ethics of Chartered Professional Accountants (“CPA”), which imposes very strict confidentiality standards, including professional secrecy.
Table of Contents
PURPOSE OF THE POLICY
The privacy policy of Droit Criminel (the “Policy”) aims to inform its clients, employees, applicants, and suppliers about our practices regarding the collection, use, disclosure, and retention of personal information. By choosing to provide us with personal information (whether via the Internet, our client portal, by email, in person, by phone, or by any other means), you agree to the terms and conditions of the Policy and authorize us to process your personal information in accordance with it, for the purposes described below.
Why do we collect personal information?
Droit Criminel collects personal information only in the context of its various activities and the mandates entrusted to it, or for use consistent with these purposes; always in compliance with applicable laws.
What personal information do we collect?
The amount and type of information collected are limited to what is necessary for the specified purposes. Droit Criminel collects only what it needs.
Given the nature of its activities, Droit Criminel is called upon to retain a large number of personal data. This may include, but is not limited to: last name, first name, email address, social insurance number, occupation, employer, workplace, educational institution, personal affiliations, relationship to relatives, health records, membership in organizations, financial situation, bank account, payment data, passwords, IP address, website usage, cookies and tracking pixels, demographic data, geographic data, biographical data, communication preferences, balances owed or to be received from various governments, eligibility for various programs or grants, all data contained in previous tax filings, in addition to any other personal information that you or Droit Criminel have deemed relevant and provided to us.
Please note that if you provide us with personal information about other people, you must ensure that you have given those people appropriate notice indicating that you are providing us with their information and that you have obtained their consent to this disclosure.
Given the nature of its activities, Droit Criminel is called upon to retain a large number of personal data. This may include, but is not limited to: last name, first name, email address, social insurance number, occupation, employer, workplace, educational institution, personal affiliations, relationship to relatives, health records, membership in organizations, financial situation, bank account, payment data, passwords, IP address, website usage, cookies and tracking pixels, demographic data, geographic data, biographical data, communication preferences, balances owed or to be received from various governments, eligibility for various programs or grants, all data contained in previous tax filings, in addition to any other personal information that you or Droit Criminel have deemed relevant and provided to us.
Please note that if you provide us with personal information about other people, you must ensure that you have given those people appropriate notice indicating that you are providing us with their information and that you have obtained their consent to this disclosure.
Who can access your personal information?
Droit Criminel will never disclose your personal information unless legally compelled to do so. It takes all reasonably necessary measures to ensure that your personal data is processed securely and in accordance with this privacy policy.
Your personal data is processed in our operational offices and in any other location where the parties involved in this processing are situated (such as our service providers). Only our authorized staff and suppliers may have access to your information, to the extent that it is necessary for the performance of their duties.
This means that such information may be transferred to computers located outside Quebec, Canada, or to other government entities where data protection laws may differ from those in your jurisdiction. As a result, in certain circumstances, foreign governments, courts, law enforcement agencies, or regulatory bodies may be authorized to access the personal data collected and held under our control.
Your personal data is processed in our operational offices and in any other location where the parties involved in this processing are situated (such as our service providers). Only our authorized staff and suppliers may have access to your information, to the extent that it is necessary for the performance of their duties.
This means that such information may be transferred to computers located outside Quebec, Canada, or to other government entities where data protection laws may differ from those in your jurisdiction. As a result, in certain circumstances, foreign governments, courts, law enforcement agencies, or regulatory bodies may be authorized to access the personal data collected and held under our control.
How is your personal information protected?
Droit Criminel has adopted appropriate physical, technical, and administrative security procedures in order to best protect your personal information against any unauthorized access, use, or disclosure. These measures are regularly re-evaluated and improved to ensure the optimal protection of your data.
For example, our cloud platform is hosted on private and secure servers located in Canada, which use integrated security measures. Our cloud technology provider is Quebec-based and furthermore, also one of the few having obtained ISO 27001 certification in Canada. To learn more about this international standard for information security management, go to the site: [www.iso.org](http://www.iso.org).
We use data transmission systems protected by password and encryption. Our personnel have been trained in the protection of personal information and we establish contractual agreements to that effect with all our service providers. These providers meet the highest levels of security in terms of protecting personal information.
We have established material means and organizational, contractual, and technological security measures to protect your personal information against loss or theft, as well as against unauthorized access, use, or transmission. For example:
* Restrict access only to authorized employees and suppliers;
* Raise employee and supplier awareness of the importance of protecting personal information;
* Protect data access by physical and technological means:
* Office access reserved for authorized persons;
* Solid fireproof doors protecting office access;
* Non-pickable cylinder locks protecting office access;
* Employee desks with lockable doors;
* Use of Canada Post services for physical shipments;
* Secure client portal for data exchange;
* Computers with protected access;
* Firewalls;
* Passwords controlling computers, programs, transmission;
* Two-factor authentication (2FA) when available;
* Data encryption;
* Etc.
Like the majority of organizations, we cannot guarantee that the protection measures we use will always be effective. No means of transmitting information over the Internet, by mail, or storing information is perfectly safe; therefore, Droit Criminel cannot guarantee their absolute security.
A breach of security measures may cause risks such as phishing and identity theft. In these cases, we quickly take measures to mitigate the risks and to inform you when the risk of serious harm is real or when the law requires us to do so.
It is also important to note that we cannot be held responsible for personal data you share with other users, that you transmit to us via unsecured email programs, or that you publish in public spaces such as our blogs. These public spaces can be consulted or viewed by anyone visiting our website and are therefore not covered by this policy.
We also ask for your participation in promoting the protection of your personal information. For example, if you use an account on our secure client platform, you should only access it from a secure network, you must create unique and complex passwords, not share them with others, and notify us without delay if you believe any of your passwords has been compromised.
For example, our cloud platform is hosted on private and secure servers located in Canada, which use integrated security measures. Our cloud technology provider is Quebec-based and furthermore, also one of the few having obtained ISO 27001 certification in Canada. To learn more about this international standard for information security management, go to the site: [www.iso.org](http://www.iso.org).
We use data transmission systems protected by password and encryption. Our personnel have been trained in the protection of personal information and we establish contractual agreements to that effect with all our service providers. These providers meet the highest levels of security in terms of protecting personal information.
We have established material means and organizational, contractual, and technological security measures to protect your personal information against loss or theft, as well as against unauthorized access, use, or transmission. For example:
* Restrict access only to authorized employees and suppliers;
* Raise employee and supplier awareness of the importance of protecting personal information;
* Protect data access by physical and technological means:
* Office access reserved for authorized persons;
* Solid fireproof doors protecting office access;
* Non-pickable cylinder locks protecting office access;
* Employee desks with lockable doors;
* Use of Canada Post services for physical shipments;
* Secure client portal for data exchange;
* Computers with protected access;
* Firewalls;
* Passwords controlling computers, programs, transmission;
* Two-factor authentication (2FA) when available;
* Data encryption;
* Etc.
Like the majority of organizations, we cannot guarantee that the protection measures we use will always be effective. No means of transmitting information over the Internet, by mail, or storing information is perfectly safe; therefore, Droit Criminel cannot guarantee their absolute security.
A breach of security measures may cause risks such as phishing and identity theft. In these cases, we quickly take measures to mitigate the risks and to inform you when the risk of serious harm is real or when the law requires us to do so.
It is also important to note that we cannot be held responsible for personal data you share with other users, that you transmit to us via unsecured email programs, or that you publish in public spaces such as our blogs. These public spaces can be consulted or viewed by anyone visiting our website and are therefore not covered by this policy.
We also ask for your participation in promoting the protection of your personal information. For example, if you use an account on our secure client platform, you should only access it from a secure network, you must create unique and complex passwords, not share them with others, and notify us without delay if you believe any of your passwords has been compromised.
Consent
We are committed to protecting your privacy and collect and use personal information only with your consent and to the extent permitted or required by law.
By providing us with personal information, by any means whatsoever, you agree to the terms of our privacy policy and consent to the collection and use of your personal information in accordance with this policy.
In certain circumstances, we may be required to collect, use, or disclose personal information without your consent. This occurs when legal, medical, professional, or security reasons make it impossible or impractical to obtain your consent, or when information is collected as part of an investigation, the prevention or detection of fraud, or for law enforcement purposes.
You may withdraw your consent at any time, except where the law or applicable contracts restrict it. We will inform you of the consequences of such withdrawal, including the possibility that we may no longer be able to provide a product or process a request. Your decision to withdraw your consent will be recorded in our records.
By providing us with personal information, by any means whatsoever, you agree to the terms of our privacy policy and consent to the collection and use of your personal information in accordance with this policy.
In certain circumstances, we may be required to collect, use, or disclose personal information without your consent. This occurs when legal, medical, professional, or security reasons make it impossible or impractical to obtain your consent, or when information is collected as part of an investigation, the prevention or detection of fraud, or for law enforcement purposes.
You may withdraw your consent at any time, except where the law or applicable contracts restrict it. We will inform you of the consequences of such withdrawal, including the possibility that we may no longer be able to provide a product or process a request. Your decision to withdraw your consent will be recorded in our records.
Retention and Destruction of Personal Information
We retain your personal information for as long as necessary, according to the purposes for which it was collected, or longer if required or permitted by applicable laws.
We retain the data related to your account as long as the law requires. You may request the deletion of your personal information by contacting the person responsible for personal information protection, whose contact details are provided in the next paragraph. We will make every effort to comply with your request, always subject to the requirements provided by law.
We retain the data related to your account as long as the law requires. You may request the deletion of your personal information by contacting the person responsible for personal information protection, whose contact details are provided in the next paragraph. We will make every effort to comply with your request, always subject to the requirements provided by law.
Access and Correction of Personal Information
We make every effort to ensure that your personal information is as accurate and complete as necessary for the purposes of its collection, use, or disclosure.
Subject to applicable laws, upon receipt of a written request from an individual and after verifying their identity, we will inform the person if we hold personal information about them and will provide them with that information.
We may refuse a person access to their information in accordance with applicable laws, in which case we will explain the reason for the refusal.
Any request to verify or correct your personal information can be made informally by contacting Droit Criminel staff and after you have identified yourself. This method is the fastest and most convenient. Our staff is trained to respond to usual requests for verification and modification of personal data, such as address changes, phone number updates, etc.
If you believe you should make a formal request for access to information or a correction request, it must be made in writing and sent to the person responsible for personal information protection at the following address:
Droit Criminel.
Mr. François Gamache
Responsible for the Protection of Personal Information
19, Le Royer Ouest, office 204
438-834-7488
info@droit-criminel.ca
Opening hours: 9:00 to 17:00
Role and Responsibilities of Droit Criminel
We are responsible for the personal information collected, retained, used, disclosed, and destroyed in the course of carrying out our mandate. We will continue to develop policies and practices to ensure that this information is handled in strict compliance with the Act respecting the protection of personal information in the private sector.
We are also responsible for monitoring our compliance with this policy and conduct periodic audits of all our programs and services.
We are also responsible for monitoring our compliance with this policy and conduct periodic audits of all our programs and services.
Complaints and Concerns
Our staff and representatives are trained to address questions or concerns regarding your personal information. If you are not satisfied with the response from our employee or representative, you may contact the person responsible for privacy protection at the address mentioned above.
Changes to the Privacy Policy
We may update this policy from time to time and will post the most recent version online. We encourage you to review this privacy policy regularly to stay informed of any changes.
Last update: September 27, 2023
Last update: September 27, 2023
