Policy on the Protection of Confidential Information

Policy Objective

The purpose of this policy is to safeguard the confidential information of the company in accordance with applicable laws and regulations, as well as to prevent unauthorized access, disclosure, or misuse of such information.

Policy Scope

This policy applies to all employees of GROUP CORFLEX.

Definitions

  • Confidential Information: Any information, data, or document deemed confidential under Law 25 and the company’s internal policies. This may include, but is not limited to, personal data, trade secrets, financial information, business strategies, etc.

Examples of Confidential Information:

  1. Personally Identifiable Information (PII): This may include information such as name, address, date of birth, social security number, medical information, financial information, salary, etc. This information is confidential and, except in exceptional circumstances, may not be disclosed without the consent of the concerned individual.
  2. Trade Secrets: Sensitive information about products, manufacturing processes, formulas, techniques, research and development methods, and marketing strategies may be considered confidential.
  3. Customer Data: Information about purchases, consumer habits, preferences, purchase history, and customer contact data is generally considered confidential.
  • Authorized Personnel: Employees, contractors, consultants, or any other individuals with access to confidential information in the course of their duties or contractual agreements with the company.
  • Breach of Confidentiality: A breach of confidentiality occurs when there is a security violation or unauthorized disclosure of confidential information, such as personally identifiable information, trade secrets, or others.

A “confidentiality incident” includes:

  • Access to personal information that is not authorized by law.
  • Use of personal information that is not authorized by law.
  • Disclosure of personal information that is not authorized by law.
  • Loss of personal information or any other breach of the protection of such information.

Responsibilities 

Company Leadership (Executive Team):

  • Ensure appropriate policies and procedures are in place for the protection of confidential information.
  • Appoint a confidential information protection officer, President Jonathan Vadeboncoeur.
  • Ensure regular employee awareness, training, and education regarding the protection of confidential information.
  • Have employees sign a confidentiality agreement.
  • Develop and implement appropriate policies, procedures, and controls for the protection of confidential information.
  • Ensure compliance with legal and regulatory requirements for the protection of confidential information.
  • Monitor activities related to the protection of confidential information and conduct regular information security assessments.

Authorized Personnel with Access to Confidential Data:

  • Adhere to the company’s policies and procedures regarding the protection of confidential information.
  • Use confidential information only within the scope of their professional responsibilities and disclose it only to authorized individuals.
  • Report any security breaches or suspected misuse of confidential information.

Incident Response Team (Executive Committee):

  • Create an incident reporting form.
  • Investigate the causes and circumstances of a confidentiality breach.
  • Maintain an incident register within the company.
  • Recommend improvements to security protocols, procedures, and preventive measures.

Security Measures:

  • Restricted Access: Each Director is responsible for ensuring that confidential information is only accessible to authorized individuals who require access as part of their duties. Appropriate access controls, such as unique identifiers, strong passwords, and access rights management, must be implemented.
  • Document Management: Confidential information must be stored in secure systems, such as protected servers and encrypted storage devices. Document management procedures must be in place to track access, modification, deletion, and destruction of confidential information. Employees with access to confidential information must use secure codes when printing.
  • Awareness and Training: Regular awareness and training programs must be implemented to inform employees about policies and procedures for protecting confidential information, as well as best practices for information security. Regular training sessions will be organized to maintain knowledge and competence in information security and to inform employees about the latest threats and best practices for prevention.
  • Monitoring and Auditing: Monitoring and auditing mechanisms must be in place to detect any security breaches or suspected misuse of confidential information. Regular internal audits and periodic external assessments may be conducted to assess the effectiveness of security measures.

Procedure and Incident Register for Confidentiality Breach

  1. As soon as a breach of confidentiality incident is detected or reported, an intervention team will be immediately assembled. This team consists of Corflex’s executive team, including the President, Chief Financial Officer, Director of Human Resources, Executive Director of Manufacturing Operations, Director of Accounting, and Director of Customer Operations.
  2. The intervention team will assess the extent of the incident, identify the affected information, and determine immediate measures to minimize damage and limit the spread of the incident.
  3. Effective internal communication will be established to inform all internal stakeholders of the confidentiality breach incident, ensuring adherence to appropriate communication protocols. Relevant departments must be notified in a timely manner.
  4. Compliance with disclosure laws and regulations will be monitored. Depending on the nature of the incident, it may be necessary to report the incident to the relevant authorities or notify individuals affected by the breach of confidentiality.
  5. Incident Investigation: A comprehensive investigation will be conducted to determine the causes and circumstances of the incident. Information security experts may be involved in analyzing system vulnerabilities and weaknesses. Appropriate corrective measures will be identified to prevent similar breaches of confidentiality in the future. Improvements to security protocols, procedures, and prevention measures will be implemented. Every incident will be documented in a register maintained by the Director of Human Resources.
  6. Appropriate disciplinary measures will be taken in accordance with internal policies and applicable laws against individuals responsible for intentional or negligent breaches of confidentiality.
  7. If necessary, assistance will be provided to individuals or parties affected by the breach of confidentiality, such as offering identity theft protection services or other support measures.

Sanctions 

Any violation of this confidential information protection policy may result in disciplinary sanctions, including warnings, suspensions, contract terminations, or legal proceedings, depending on the seriousness of the offense and in accordance with applicable law.

Policies and procedures for managing confidentiality breach incidents will be regularly reviewed and updated to reflect advancements in technology and regulations.

Your Rights as a User

You may revoke or change your consent to the collection of your data at any time by using the link here.

Contact us

Please do not hesitate to contact us if you have any questions or concerns regarding this privacy policy. You may contact our Privacy Officer by e-mail at confidentialite@corflex.ca or by mail using the following contact information:

 

To the attention of the Privacy Officer

10, RUE POISSANT
DELSON, QUÉBEC
J5B 2J1
CANADA