Update: September 22, 2023
This document summarizes our rules relating to the governance of personal information. These rules apply to allOption consommateurs staff (employees, trainees, volunteers), in the context of any activity involving the processing of personal information.
2. Personal information management
Collection and use of personal information
An employee ofOption consommateurs may collect or use a consumer's personal information solely for the purpose of providing the requested service. An employee is prohibited from collecting or using personal information for any purpose other than to provide the service requested by the consumer, unless such collection or use has been approved in advance by the Privacy Officer.
Disclosure of personal information
Any disclosure of personal information to a third-party organization or individual is prohibited, unless such disclosure is required by law or court order, or unless the individual concerned has given his or her consent.
Retention of personal information
Personal information retained by Option consommateurs is destroyed once the purpose for which it was collected has been fulfilled, according to a retention schedule established by us.
An employee ofOption consommateurs is prohibited from storing personal information in any location other than that expressly designated for that purpose.
Internal access to personal information
Access to the various databases of personal information is strictly restricted to those employees who require it in the course of their duties. The Privacy Officer is responsible for assigning and managing access to the various personal information databases.
Security of personal information
Option consommateurs deploys technical and administrative security measures to ensure a high level of protection for personal information.
Employees receive training on the security of personal information. In the course of his or her work, an employee must take reasonable precautions to protect the confidentiality of personal information to which he or she has access.
An employee must promptly report to the Privacy Officer any situation of which he or she is aware where personal information held by Option consommateurs may have been compromised.
Option consommateurs shall respond within 30 days to any complaint, request for deletion or access to personal information made by a consumer, unless a legal provision prevents deletion or access. In such cases, we will communicate our justified refusal to the consumer.
Complaints and other requests relating to personal information shall be promptly transferred to the Privacy Officer, who shall ensure that they are dealt with in a timely manner.
3. Confidentiality incidents
We have established a management plan in the event of a privacy incident involving personal information held by Option consommateurs.
4. Pre-approval of projects
Any new project involving the collection, use or disclosure of personal information is subject to prior approval by the Privacy Officer, during which a Privacy Impact Assessment will be carried out. The same applies to the communication of personal information outside Quebec, as well as to the collection or use of personal information for secondary purposes.
As required by law, Option consommateurs appoints a Privacy Officer. The current Privacy Officer is :
Option consommateurs has also set up an Archiving and Cybersecurity Committee, which plays an advisory role in the governance of personal information.