top of page
Policy and practices governing governance of personal information

LES PEINTURES CAMÉLÉON is committed to protecting all personal information collected and used in the
management of its activities.

PURPOSES OF COLLECTING INFORMATION 

All persons working with, for or on behalf of LES PEINTURES CAMÉLÉON are required to respect the confidentiality of personal information and the right to privacy of every individual, in accordance with the Privacy Act, when collecting, using, disclosing, retaining or disposing of personal information in the course of their duties.

POLICY STATEMENT

Personal information under the custody or control of LES PEINTURES CAMÉLÉON is only created, collected,
retained, used, disclosed and disposed of in a manner that complies with the Privacy Act. We respect the privacy rights of individuals whose personal information is in our possession, in accordance with these requirements.


PERSONAL INFORMATION
Personal information is defined as any information or combination of information that relates to a natural person and allows that person to be identified. However, an individual's name, business title, business
address, business telephone number and business e-mail address are not personal information.

 

Personal information must be protected regardless of the nature of its medium or form: written, graphic, audio, visual, computerized or other.

CONSENT

The organization obtains the written consent of an individual in the following situations:

  • prior to collecting personal information, unless seeking consent would result in the collection of inaccurate information, defeat the purpose of collecting the information or compromise the use of the information collected. For example, the organization will generally consult with the complainant to indirectly collect personal information for the purpose of conducting an investigation;

  • before using or disclosing personal information for purposes that do not respect the purposes for which the information was collected or prepared;

  • prior to any disposal of personal information, unless such disposal is expressly authorized by law;

  • if it intends to disclose a complaint received by the company or any privileged or confidential information obtained in the course of an investigation or proceeding. ln such cases, the written consent of all persons whose rights or interests may reasonably be affected must be obtained.

Obtaining an individual's consent to the collection of personal information does not replace or establish the
authority to collect such information under the Privacy Act; rather, the organization must ensure that the
personal information to be collected is directly related to and demonstrably necessary for the organization's
regulatory activities.

COLLECTION OF PERSONAL INFORMATION

Personal information may only be collected or created (e.g., the assignment of a licence number or the
imposition of licence restrictions constitutes the creation of persona! information) under the following
conditions:

  • the personal information is directly related to a regulatory activity of the organization;

  • the collection of this personal information is necessary to enable the organization to fulfill its statutory purposes or regulatory objectives.

To determine whether personal information is directly related to a regulatory activity, consult the policies that require or authorize the collection of personal information. The organization's policies provide guidance and advice on the need to collect personal information to enable the organization to meet its objectives. Before collecting or creating new personal information, the organization must :

  • ldentify the personal information that will be collected;

  • ldentify the purposes for collecting each type of personal information;

  • collect only the personal information required to fulfill the identified purposes.

 

The organization collects or creates personal information intended to be used for administrative purposes
directly from the individual concerned, except when :

  • the individual authorizes the organization to collect personal information from another source;

  • the personal information is collected for a purpose for which it may be disclosed to the organization;

  • collecting personal information directly from the individual could result in the collection of inaccurate information; or

  • collecting personal information directly from the individual could defeat the purpose or compromise the use for which the personal information is collected. For example, the organization will generally consult with the person making a complaint to indirectly collect personal information for the purpose of conducting an investigation.

We limit the collection, use and disclosure of your personal information to the purposes we have identified
to you. Your personal information may only be accessed by certain authorized persons, and only for the
purposes for which they have been designated.

DISCLOSURE OF PERSONAL INFORMATION

Personal information held by the organization will not be disclosed without the consent of the individual
concerned or unless disclosure is authorized or required under the Privacy Act.
Any person subject to this policy must :

  • disclose only the minimum amount of personal information required to satisfy the valid purposes indicated;

  • consult with the Privacy Officer before disclosing any personal information other than that required in the course of his or her duties.


RETENTION OF INFORMATION

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected. We must destroy this information in accordance with the law and our records retention policy. When we destroy your personal information, we take the necessary measures to ensure its confidentiality and that no unauthorized person has access to it during the destruction process.

ACCURACY

The organization takes reasonable steps to ensure that personal information is as accurate, complete and up-to-date as is necessary for the purposes for which it is to be used, and to minimize the possibility that inaccurate or incomplete information may be used to make a decision that directly affects an individual.

 

The organization has documented procedures allowing individuals to request correction of their personal information when they believe there has been an error or omission.

 

We do not routinely update personal information unless necessary to fulfill the purposes for which it was
collected. The degree of accuracy, currency and completeness of personal information will depend on the
input you provide on the consent form .


RESPONSIBILITY

We are responsible for personal information in our possession or custody, including information we entrust to third parties for processing. We require these third parties to maintain this information in accordance with strict confidentiality and security standards.

 

Our Privacy Officer oversees this Privacy Policy and related processes, as well as the procedures to be
followed to protect this information.

 

Our staff is informed and properly trained on our privacy policies and practices.


SECURITY MEASURES

The organization is required to protect personal information in its custody or control from such risks as unauthorized access, collection, use, disclosure or disposal, by taking reasonable security measures. These
include a combination of technical, administrative and physical safeguards. The reasonableness of security
measures takes into account such factors as the sensitivity, amount, distribution, format and method of storage of the information to be protected.

 

We have implemented and continue to develop stringent security measures to ensure that your personal information remains strictly confidential and is protected against loss or theft, as well as unauthorized access, disclosure, copying, use or modification.

 

These security measures include organizational measures such as restricting access to what is necessary; backing up and archiving data using an external system, etc.); and technological measures such as the use of passwords and encryption (for example, frequent password changes and the use of firewalls).

ACCESS TO PERSONAL INFORMATION

The organization requires that access to personal information be role-based and limited to the minimum amount of information required for authorized purposes.


The organization monitors access to and use of personal information in order to promptly detect instances of inappropriate or unauthorized access to or processing of personal information by such means as auditing.

 

The organization requires service providers to comply with the organization's legal obligations relating to
the processing and protection of persona! information, and service providers are required to comply with
this Privacy Policy.

REQUEST FOR ACCESS TO INFORMATION AND AMENDMENTS 

Subject to the exceptions set out in the Privacy Act, any individual may access, review or receive a copy of his or her personal information held by the organization by submitting a written request to that effect to the organization's Privacy Officer.

 

We will provide you with such information within a reasonable time from the date of receipt of the written request. A reasonable fee may also be charged for processing your request.

Under certain circumstances, we may refuse to provide you with the requested information. Exceptions to your right of access include the fact that the information requested concerns other individuals, that the information cannot be disclosed for legal, security or copyright reasons, that the information was obtained in the course of a fraud investigation, that the information can only be obtained at prohibitive cost, or that the information is the subject of litigation or is privileged.


When we hold medical information about you, we may refuse to disclose it directly to you and request that
it be disclosed to a health care professional designated by you.


You may verify the accuracy and completeness of your personal information and, if necessary, request that
it be amended. Any request for amendment will be processed within a reasonable period of time.


Requests to access or amend personal information may be sent to the address below:

PRIVACY OFFICER
Name :
Rénald Labonté 
E-mail : rlabonte@peinturescameleon.com 
Telephone : 418 881-3350 

COMPLAINTS AND QUESTIONS

You may contact the Privacy Officer at the above address.


All complaints concerning the protection of personal information should be forwarded to the Privacy Officer
at the above address.


We will investigate all complaints. If a complaint is found to be justified, we will take appropriate measures,
including, if necessary, amending our policies and practices.

TRAINING AND AWARENESS

The company promotes best practices and respect for transparency and privacy rights in a number of ways:

  • lt informs all team members (consent form);

  • lt posts the name and contact details of the person responsible for PR;

  • lt mobilizes various means of raising awareness, including :

Information sessions on the protection of personal information, reminders at team meetings, training for
her staff, an action plan for the protection of personal information, a logbook, etc.

APPLICATION 
If for any reason you feel that the company has not adhered to these principles, please notify us by contacting our Privacy Officer. We will then take the necessary steps to identify and correct the problem within a reasonable timeframe. Please mention "Privacy" in the subject line.

 

POLICY UPDATE

This policy must be reviewed every three years. lt must also be updated whenever there is a substantial
change in legislation or regulatory requirements.


Updated: August 25, 2023
 

bottom of page