Skip to content

Careers | Log in
English
Demo

Privacy Policy

The purpose of this policy is to ensure the protection of Personal Information held by Canam Group Inc. and its subsidiaries (hereinafter "Canam"). Canam values its relationships with its employees, customers and business partners and is committed to protecting their Personal Information in accordance with applicable laws (hereinafter collectively referred to as the "Law"), including the Act respecting the protection of personal information in the private sector (Quebec), as amended by the Act to modernize legislative provisions respecting the protection of personal information in the private sector.

DEFINITIONS 

In this policy, unless the context indicates otherwise, the following terms shall have the following meanings:

Personal Information: Information that directly or indirectly identifies an individual, such as street address, personal email address, personal telephone number, date of birth and social insurance number. Business contact information, including an employee's name, title and position, place of work, email address and business telephone number, is not considered Personal Information.

Privacy Incident: Means access to Personal Information that is not authorised by law, use or disclosure of Personal Information that is not authorised by law, loss of Personal Information, or any other breach of the protection of Personal Information. For greater clarity, the following examples would be considered Privacy Incidents: sending an email containing Personal Information to the wrong person; theft or loss of a computer, tablet or cell phone used for business purposes; loss of data caused by a virus, computer vulnerability or human error; unauthorised access, retrieval or disclosure of Personal Information; the use of Personal Information for purposes other than those for which it was collected or those to which the person concerned has consented; a ransomware attack; intrusion into Canam's computer system; intrusion into a computer, tablet or cell phone used for business purposes.

Anonymised Personal Information: Means Personal Information that no longer makes it possible, at any time and in an irreversible manner, to directly or indirectly identify a person.

Depersonalised Personal Information: Information that no longer directly identifies a person.

Sensitive Personal Information: Refers to information which, by its nature, for example medical, biometric or otherwise intimate, or by the context of its use or communication, gives rise to a high reasonable expectation of privacy.

Third Party: Means any person who is external to Canam.

Business Transaction: Means the disposition or lease, in whole or in part, of a business or its assets, or a change in its legal structure by amalgamation or otherwise.

RESPONSIBILITY REGARDING THE PROTECTION OF YOUR PERSONAL INFORMATION

Canam is responsible for the protection of all Personal Information in its possession or custody. In doing so, Canam undertakes to take appropriate security measures to ensure the protection of the Personal Information in its possession. Additional information on the security measures applied to Personal Information can be found in Canam's Information Technology Security Policy.

This responsibility rests primarily with the Privacy Officer who, in the performance of his duties, is supported by Canam's Legal Affairs Department and any other relevant departments, including IT, HR and Marketing, which are the departments that collect and manage the vast majority of Personal Information for Canam.

Annie Vézina, Director of Legal Affairs and Corporate Secretary, is the Privacy Officer for Canam and its subsidiaries.

PERSONAL INFORMATION COLLECTED BY CANAM AND PURPOSES OF ITS COLLECTION

Canam may collect, use and disclose, including to its subsidiaries, the following Personal Information of its employees and directors:

  • name;
  • personal address;
  • personal email address;
  • telephone number;
  • date of birth;
  • marital status;
  • gender;
  • languages spoken;
  • bank details;
  • social security number;
  • other tax information;
  • beneficiaries;
  • resume;
  • employee number;
  • criminal history report (only for those applying for certain types of employment);
  • medical information;
  • loyalty card number (for customers of the Canam Loyalty Program);
  • psychometric profiles;
  • passport number;
  • driver's licence number.

Canam collects, uses and discloses Personal Information about its employees for the following purposes, among others: 

  • to administer Canam's operations; 
  • manage compensation and benefits programs;
  • develop and manage employee services;
  • to meet legal requirements.

When Canam collects Personal Information, it will inform individuals of: 

  • the purposes for which the information is collected;
  • the rights of access and rectification provided by law, including the right to withdraw consent;
  • types of Third Parties, including service providers, to whom it is necessary to communicate Personal Information;
  • where applicable, the possibility that Personal Information collected may be communicated outside Quebec.

DISCLOSURE OF PERSONAL INFORMATION 

Subject to the exceptions described below, Canam will not disclose, sell or communicate Personal Information to Third Parties without the consent of the individuals concerned.

Canam may communicate certain Personal Information to its service providers, some of whom are located outside the province of Quebec. These service providers, including software providers, who may process Personal Information, include:

  • computer software suppliers, for example, to process employee payroll;
  • financial institutions;
  • government agencies;
  • actuarial firms;
  • insurance firms;
  • external firms offering telemedicine services;
  • law firms;
  • trade unions;
  • e-commerce platforms.

Notwithstanding the foregoing, Canam may, without the consent of the person concerned, communicate to a Third Party and use the Personal Information that is necessary and permitted by law, in particular: 

  • to its legal department and external legal services; 
  • the Director of Criminal and Penal Prosecutions, if the information is required for a prosecution for an offence under the law; 
  • to a person or body charged by law with the prevention, detection or suppression of crime or statutory offences, who requires it in the performance of his or her duties, if the information is required for the prosecution of a statutory offence; 
  • a person to whom it is necessary to communicate the information within the framework of a law or for the application of a collective agreement; 
  • to a public body within the meaning of the Act respecting access to documents held by public bodies and the protection of personal information (Quebec) which, through a representative, collects the information in the exercise of its powers or the implementation of a program under its management;
  • to a person or organisation with the power to compel the disclosure of Personal Information and who requires it in the performance of his or her duties; 
  • to a person to whom this communication must be made because of an emergency endangering their life, health or safety; 
  • to a person or organisation, as part of a mandate or service contract, or as part of a Business Transaction;
  • to a person who may use the information for study, research or statistical purposes in accordance with a law, provided that a privacy impact assessment is carried out before such disclosure is made;
  • to a person who, by law, may collect debts for Canam and who requires it for this purpose in the performance of his or her duties.

PRIVACY IMPACT ASSESSMENT

Canam will conduct a privacy impact assessment prior to disclosing Personal Information outside Quebec and when carrying out special projects, including those involving the acquisition, development, redesign of information systems and redesign of electronic service delivery systems, which involve the collection, use, disclosure, retention or destruction of Personal Information.

The Privacy Officer must be contacted at the outset of any such special project in order to carry out a privacy impact assessment, in conjunction with the persons responsible for the project, the Legal Department and any other relevant departments, such as HR and IT.

CONSENT

Personal information may only be collected, used or disclosed with the knowledge and consent of the individual concerned. An individual is free to withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. Consent is valid only for as long as is necessary to achieve the purposes for which it was requested.

In certain circumstances provided for or imposed by law, Canam may collect, use or disclose Personal Information without the prior consent of the person concerned. These circumstances include: 

  • publicly available Personal Information; 
  • when the collection or use is clearly in the interests of the individual and consent cannot be obtained in a timely way; 
  • when its use is necessary for the supply or delivery of a product or the provision of a service requested by the person concerned;
  • when its use is necessary for study, research or statistical purposes and the Personal Information is de-identified;
  • when its use is necessary for the prevention and detection of fraud, or the evaluation and improvement of protection and security measures;
  • when it is necessary to investigate a breach of contract or contravention of a law; 
  • when it is necessary to act in response to an emergency threatening the life, health or safety of a person;
  • when it is necessary to comply with a subpoena, warrant or order of any court of competent jurisdiction;
  • when its use or communication is necessary for the performance of a mandate, a service contract or a Business Transaction. 

In the latter case, Canam and the entity with which it carries out such a transaction will, before the sharing of Personal Information, have signed a confidentiality agreement under which they will undertake to protect the Personal Information communicated.

LIMITATION OF COLLECTION, USE, COMMUNICATION AND STORAGE

Employees must take care to protect the Personal Information which they may access in the course of their work. To this end, employees may not, without the written consent of the person concerned, access, use, transmit, copy or communicate in any way whatsoever to anyone, Personal Information for any purpose other than that for which such information was obtained. Furthermore, it is strictly forbidden to send any document or communication containing Personal Information obtained in the course of work to a personal email address, to an employee's personal email address or to a Third Party's personal email address. Similarly, Personal Information must not be stored on personal computer equipment.

Canam's general practice concerning the retention of Personal Information is to destroy or anonymise all Personal Information, except that which Canam is specifically required to retain, subject to legal retention periods. This practice applies regardless of the medium on which the Personal Information is stored (electronic, such as email, databases and the like, or physical, such as paper). It is the responsibility of each employee and department to ensure that no Personal Information is retained for a period longer than that set out in Canam's Personal Information retention schedule.

SECURITY 

Canam is committed to ensuring that Personal Information is protected by appropriate physical, administrative and technical safeguards, including against loss or theft, as well as unauthorised access, disclosure, copying, use or modification. Safeguards include physical measures (such as locked filing cabinets and limited access to offices), administrative measures (such as security clearances and limited access) and technical measures (such as the use of passwords, multifactor authentication and encryption). Only authorised Canam employees who require access to Personal Information in the performance of their duties will have access to it. Additional information on security measures applied to Personal Information can be found in Canam's Information Technology Security Policy.

CONFIDENTIALITY INCIDENT 

In the event of a Privacy Incident, the employee must immediately inform his or her supervisor and the Privacy Officer. The employee's cooperation is essential so that Canam can apply its confidentiality incident management process and comply with the requirements of the Act.

TRANSPARENCY, ACCESS AND RECTIFICATION OF PERSONAL INFORMATION

An individual whose Personal Information is collected by Canam may request, by contacting the department that collected the Personal Information, to be informed of the Personal Information collected from them, the categories of persons who have access to this information within the company, and the retention duration of the information. The individual may also request that Canam provide a copy of the Personal Information retained. 

In the event of a change to the Personal Information that Canam collects, the person concerned must notify the department that collected the Personal Information to be updated so that the information Canam holds is accurate. The same applies if the person concerned notices that the Personal Information held by Canam is inaccurate. To do so, the person concerned must contact in writing the department that collected the Personal Information to be amended. 

Notwithstanding the foregoing, Canam may refuse to disclose Personal Information to an individual where disclosure of the information could reasonably be expected to:

  • interfere with an investigation conducted by its internal security department to prevent, detect or suppress crime or breaches of the law or, on its behalf, by an external department having the same purpose or a security agency or investigation agency licensee issued in accordance with the Private Security Act (Quebec, chapter S-3.5); 
  • have an effect on legal proceedings in which any of these persons has an interest;
  • reveal Personal Information about a Third Party, or the existence of such information, and that such disclosure would be likely to cause serious harm to the Third Party, unless the Third Party consents to its disclosure, or in the case of an emergency endangering the life, health or safety of the person concerned;
  • reveal confidential information of a commercial nature.

TRAINING AND AWARENESS

Each supervisor is responsible for making his or her team members aware of the provisions of this policy and the consequences of a breach of the privacy of the persons concerned, including employees. Supervisors must regularly ensure that information resources are used in accordance with the general principles and other requirements of this policy, and are accountable for their staff's use of Personal Information. 

Supervisors are also responsible for ensuring that their team members receive training on privacy practices and the proper use of Personal Information, to minimise the risk of Privacy Incidents for the persons in which Personal Information has been collected, including employees.

HOW TO FILE A COMPLAINT 

Any person wishing to file a concerning Canam's privacy practices is invited to contact Canam's Privacy Officer.

Canam will investigate all written complaints. If a complaint is found to be justified, appropriate measures will be taken, including, if necessary, the possible modification of Canam's policies and practices.

POLICY IMPLEMENTATION 

The Privacy Officer is responsible for ensuring that this policy is applied.