ClientLogo_1

Personal Information Protection

Context The protection of personal information is an important issue for ROYAL LEPAGE ALTITUDE. To meet the legal requirements set out in the Act respecting the protection of personal information in the private sector, as amended by the Act modernizing legislative provisions regarding the protection of personal information, we have implemented policies and practices applicable to all members of our organization. Appointment of a privacy officer First, we have appointed a Privacy Officer who ensures the integration and implementation of measures designed to protect personal information. Guiding principles Next, our agency has adopted a series of 14 principles to guide our approach and promote the protection of personal information, which are as follows:

  • Choice and consent
  • Legitimate purpose and limited collection
  • Personal information lifecycle
  • Accuracy and quality
  • Transparency and notice to the individual concerned
  • Individual participation
  • Accountability
  • Security measures
  • Monitoring, measurement, and reporting
  • Prevention of harm
  • Incident management
  • Third-party and vendor management
  • Security and “Privacy by Design”
  • Information flow and legitimate restrictions

Roles and Responsibilities
In another section, we have defined the roles and responsibilities of our agency’s members with respect to the protection of personal information, including the Board of Directors, senior management, the Person in Charge of the Protection of Personal Information (PCPPI), and employees in general. To ensure consistency and compliance across the organization, this is supported by an annual training program.

Consent
Given that consent is one of the cornerstones of the reform introduced by Québec’s Law 25, we have dedicated a section to the concept of consent to ensure that its parameters are properly applied according to the circumstances.

Retention and Destruction of Personal Information
To strengthen our control over the personal information we hold, we determine in advance the scope of its lifecycle, based on the purposes for which it was collected, in order to define retention periods and destruction dates. Accordingly, personal information is retained only for the time strictly necessary, in compliance with applicable laws and regulations.

In accordance with Law 25, individuals may request access to, correction of, or withdrawal of their personal information.

Security of Personal Information
As security measures are essential to ensure the protection of personal information, our policies and practices include physical, logical, and organizational security measures. In addition, a section is dedicated to incident management in order to minimize potential impacts, where applicable.

Rights of Individuals
Under Québec’s Law 25, individuals are granted various rights (information, correction, access, erasure, portability), including the right to report a violation of these rights, where applicable. To enable individuals to exercise these rights, we have established a request management policy under the responsibility of the Person in Charge of the Protection of Personal Information. Through our Privacy Policy, individuals may submit any request, which will be processed in accordance with applicable laws and regulations.

Update
The latest update of this document was made on: November 29, 2023.