FR
FR

Privacy policy

Home Privacy policy

Introduction:

Sogitex is a Quebec-based company specializing in hygiene/sanitation, restoration, and equipment repair. It has facilities at 936 Larivière Avenue in Rouyn-Noranda, 95 Distributor Street in Val-d’Or and 61, 1e Avenue Est in Amos. The main office is in Val-d’Or. We’ve been in business since 1985, and we’re still growing and expanding! To date, Sogitex has been involved in cleaning and the sale of various products (mainly hygiene, sanitation and kitchen products).

Why did we adopt this policy?

The personal information (“information”) you entrust to us is essential to our business relationship with you. We know how valuable it is, and we are determined to do everything in our power to protect it.

That’s why we’ve adopted this policy, which describes our practices for protecting your information and privacy. Our goal is to be transparent with you. This policy applies to the use and disclosure of any information collected, and the way Sogitex collects such information, during your business relationship with us. This policy applies for as long as we hold your information, including after the end of our business relationship.

To whom does this policy apply?

This policy exists in two versions, one internal and one external. The purpose of having two versions is to avoid misunderstandings. The version you’re reading now is the external one, created specifically with customers and suppliers in mind.

This policy applies to Sogitex, which includes shareholders, employees, subcontractors and the various sites and platforms controlled by Sogitex.

It applies to all personal information (sensitive or not) held by Sogitex, regardless of where the information comes from or to whom it belongs.

The only data that is excluded from the policy in most situations is professional, business, or public contact information, which includes, but is not limited to:

  • Job title
  • Company address
  • Company e-mail address
  • Work phone number
  • Company registers information

Information we collect and how we use it:

Depending on the type of business relationship we have with you (customer, supplier, employee, etc.), the information we collect, and many other points are different, however in order not to burden this policy and avoid redundancy, here is all the information we collect, regardless of the type of business relationship:

Identification information:

  • Names
  • Date of birth
  • Gender
  • Main language

 Contact information:

  • E-mail address
  • Phone number
  • Street address

 Information on your operations:

  • History of transactions and interactions in your accounts

 

How do we collect your information?

Most of the information we collect comes directly from you when you communicate or interact with us.

 

  1. We also collect data from you when we initially meet or when you change the information, we hold about you. We also collect data from you indirectly, for example:
  • invitations to events where we need to identify you

How do we use your information?

We use and share your information for :

  • Identify yourself, update your information and verify the veracity of the information provided
  • Conduct studies and data analysis to improve the business
  • Day-to-day business and operations
  • Prevent, detect and control fraud and unauthorized or illegal activities
  • Enable due diligence on our operations in anticipation of concluding a business transaction
  • Managing risks and complying with laws and regulations
  • Communicate with you using the contact details you have provided us (by post, e-mail, text messages, calls, social media)
  • Use and disclose certain information as authorized by law
  • Ensure that we offer you the right products for your needs and that we send your products to the right address

To whom and how do we share your information?

The communication, for legitimate and commercial purposes, of your information with other legal entities or individuals is sometimes necessary. For example, communication within the framework of the law, to enter you into a contract or just to pay you. At all times, we make sure to send the minimum amount of information, to ensure the security of the recipient and the purpose of the information requested.

Here is the list of those to whom we can send information:

  • The federal or provincial government in order to comply with a law
  • A financial institution for the purpose of paying you or taking funds from you
  • To our insurer to insure you
  • To our sales and operations department so that we can send items to the right place and contact you in the right way if there is a question.
  • Acceo, our inventory management software provider
  • KeCommerce, our transactional product sales site
  • Word Press, our information site where you can send your CV
  • Our various suppliers to enable them to contact you and help you in the best possible way

It is possible that by transmitting your data to our third parties, it may end up outside Quebec, but we take this into account when establishing our business relationships to reduce the chances of this happening.

How will we transmit your information?

To reduce the risk of incidents, information should be sent by hand or by voice. If the information to be sent is too complex to give by hand or voice, the sender is responsible for confirming with the recipient why the information is needed and how it will be sent. This measure is put in place to reduce the risk of sending information to phishers.

When do we ask for your consent?

We use your information only with your consent or if the law permits us to do so without your consent. Consent may be sought at various times, such as at the time of collection, use or disclosure of your information. Consent may also be implied in certain situations, for example, when you decide to provide your information.

However, we will not seek consent for every interaction with you. By this, we mean that we may call you to discuss a shift change and we will assume that you consent to this, as you are in our employ. Also, we will not seek your consent in cases where the use of your information is clearly for your benefit.

Finally, we will not obtain your consent in the following situations which are included in the law:

  • To exercise a court order
  • Preventing an illegal act
  • Collaborate on a survey

Your rights Right to refuse

You are the owner of your information. To respect this fact, you may refuse to provide us with certain information, provided such refusal does not violate any law. However, a refusal to disclose information may prevent us from offering you specific services if the refusal breaks contracts or internal rules (while remaining non-discriminatory).

You also have the right to restrict how we use your data. However, as with the right of refusal, restricting how we use your data may prevent us from offering you certain services.

Right to withdraw your consent

You can withdraw your various consents at any time. However, as with the previous points, withdrawing certain consents may cause a breakdown in service, as some are mandatory for the business relation. To do so, simply contact our Privacy Officer. The Privacy Officer will deal with your request as quickly as possible. You can find the contact details of the person in charge in the section ”Do you have any questions, comments or would you like to have access to your information? If we have a situation that delays the processing of your request, we will notify you.

Right of access to your information

You may ask to see the information we hold about you at any time unless we are prevented from doing so by law.

To receive a report containing the information we hold on you, you can make a request to the Privacy Officer. The Privacy Officer will deal with your request as quickly as possible. You can find the contact details of the person in charge in the section ”Do you have any questions, comments or would you like to have access to your information? If we have a situation that delays the processing of your request, we will notify you.

Right to have your information corrected or removed

You can contact us to change your information. It is essential to do so when it may affect your deliveries or other critical services. Accurate and complete information makes our job easier. If you wish to change any information, you can contact the Privacy Officer. The Privacy Officer will ensure that your request is processed as quickly as possible. You can find the contact details of the person in charge in the section ”Do you have any questions, comments or would you like to access your information? If we have a situation that delays the processing of your request, we will notify you. The same procedure applies if you wish to withdraw information, but please remember that withdrawing information may result in a break in service.

The security of your information

We use several means to protect your information:

Service life

We retain your physical and digital information only for the duration of our business relationship. As soon as either party terminates the relationship, we will ensure that all information is destroyed, except that which cannot be de- tricted without breaching a law. Destruction will be carried out by the Privacy Officer or by a secure and trusted agent. Also, a portion of documents may be anonymized instead of destroyed if they have statistical value. We will make sure to respect the anonymity criteria listed in the “Anonymous Information” section.

Physical preservation

Sogitex physically stores all information at 95 Distributor Street. This locked storage is accessible to a restricted number of people. However, when these are used, they may be in other locations in the hands and under the responsibility of different people with access to use them. You can find this list in the section entitled “List of persons authorized to access information”. The Privacy Officer will ensure that this list is kept up to date.

Digital preservation

To reduce security risks, most of the information remains in physical form only. However, to improve the speed of operations and reduce the company’s ecological impact, a portion of documents will be stored in digital form. These will be stored on different structures divided by data type. Information will also be access-protected to ensure that users can only access the information they need to do their jobs. Both access management and information protection will be the responsibility of the Privacy Officer, who will also be responsible for updating the information.

Copies

As a rule, we should make as few copies as possible to reduce the risk of incidents. However, it is unavoidable that certain positions may require you to copy certain information to work properly. You will find in the article ”List of information where copying is accepted” the information you can copy according to your position.

IT auditing, testing and more to ensure the real security of information

To ensure that there are no loopholes in the system, the Privacy Officer will periodically perform various activities to test processes and managers to ensure that they are working securely with your information. Activities affecting digital information will be detailed in the Cyber Security Policy, however the specific details of physical and digital activities will only be known to the Privacy Officer and the Cyber Security Committee.

Anonymous information

When planning our activities, we need to base ourselves on concrete data. To protect your privacy and enable Sogitex to adapt to the market, we are going to anonymize your information. To do this, we will follow the following procedure:

  1. The Privacy Officer or an authorized representative will be responsible for the
  2. The project manager must begin by recovering all digital and physical versions or copies of the database, which must be
  3. The person in charge must then destroy all personal information that could be used to identify individuals. If a piece of information is to be kept, it must be grouped together to ensure anonymity. For example, if age is to be kept, the person in charge will group the ages into 5 age brackets, thus anonymizing the data. Also, as Sogitex is a small company, the manager must use his or her best judgment to ensure that the data is properly anonymized. If an X candidate can be identified by age grouping, the process must be repeated to ensure that the data is truly anonymous.
  4. Once the housework has been done, the person in charge must produce one or more files that meet the needs of the project. Care must be taken to ensure that even with all the files, the data remains anonymous.
  5. Finally, the manager must destroy the original databases, both physical and

The Privacy Officer will also have the right to review surveys claiming to be anonymous to ensure that they are truly anonymous from the outset.

Sanction

If an employee fails to comply with the policy or takes an action that puts the security of information at risk, the Privacy Officer may take disciplinary action in accordance with the gradation of sanctions if the action taken merits a measure.

Do you have questions, comments or would you like to access your information?

Our Privacy Officer is here to answer your questions and assist you with your requests. You can reach the Privacy Officer by writing to one of the following addresses: 

vieprive@sogitex.com

or

Privacy Officer 936 avenue Larivière

Rouyn-Noranda, Quebec J9X 4K5

List of persons authorized to access information

Several people will need access to information to do their jobs properly. Here’s what each position is entitled to access:

General Manager, Privacy Officer, Financial Controller, Financial Director, Human Resources Advisor or Human Resources Director

What: All information held by the company

Purpose: The roles listed need access to all the information they need to do their jobs. By the same token, they will also be the only ones able to perform tasks such as anonymization.

Accounting Department

What: Banking and identification information

Purpose: The accounting department needs to make payments, so they need access to banking and identification information to send or withdraw money to the right people.

Sales and Operations Department

What: Information about operations

Purpose: The Sales and Operations Departments need a variety of information to ensure proper functionality. To make sure they sell the right items, to the right people, and send them to the right place.

Department management

What: Different information for different projects

Purpose: With the approval of the Privacy Officer, individual managers may request access to additional information on a temporary basis, if the information is required for a new project.

List of information where copying is accepted

Each copy of information is an additional risk to be managed. To reduce the risk of incidents, copying is restricted to specific situations:

If the Privacy Officer has approved the copy If the copied information includes only this:

  • Name
  • Phone number
  • Street address
  • E-mail address