Privacy and Personal Information Protection Policy
Context
Supermarché PA is a private organization operating in the food sector and is subject to the Privacy Protection Act. It fully recognizes the importance of respecting the privacy of every person who does business with it.
To allow access to and use of certain services, to be hired, or to comply with its legal obligations, Supermarché PA must collect, use, retain, and share certain personal information with its authorized partners.
As such, it is committed to implementing all necessary measures to adequately protect the confidentiality of the personal information entrusted to it.
Finally, Supermarché PA invites all concerned individuals to review this policy, as it provides the information on which consent is based for the collection, use, and disclosure of personal information by Supermarché PA and its authorized partners.
Definition of Personal Information
Personal information refers to data about an individual that allows them to be identified directly or indirectly.
Personal Information Covered by this Policy
This Policy applies to the personal information we collect, regardless of the method used: in person, by telephone, by email, through our website, and through our online portals such as the client space.
Scope of Application
This policy applies to all individuals from whom Supermarché PA collects personal information as part of its activities.
Purpose of the Policy
The purpose of this policy is to help you understand our practices regarding the collection, use, disclosure, protection, retention, and destruction of personal information, and to explain how and for what purposes we collect, use, and disclose your personal information when you use our various services or in our role as an employer, as well as how you can exercise your rights regarding the protection of personal information.
What personal information do we collect?
Please note that if you provide us with personal information about other individuals (such as family members), you must ensure that you have properly informed them that you are providing their information to us and that you have obtained their consent for such disclosure of information concerning them.
We have grouped the personal information we collect into categories presented in the table below.
| Category | Examples |
|---|---|
| 10. Identification information |
|
| 11. Recruitment-Related information |
|
| 12. Information required for Personnel management |
|
| 13. Information on your communication with us |
|
| 14. Information required to serve you |
|
| 15. Information regarding our marketing |
|
| 16. Information regarding your website usage |
|
| 17. Information on your orders and preferences |
|
| 18. Order and Transactional Information |
|
When and why must we obtain your consent?
- By confirming your consent for Supermarché PA to collect, use, and disclose personal information about you, you accept the terms described in this policy.
- Depending on the situation, a confirmation of your consent will be required based on the information contained in this policy.
- If you refuse a request for consent to collect certain personal information, Supermarché PA may not be able to provide the desired service if that service requires such information.
Governance implemented to ensure the protection of your personal information
We have adopted a personal information protection policy aimed at ensuring the protection of the personal information we collect and hold, in compliance with applicable laws.
This policy sets out the rules Supermarché PA must follow for each of the principles applicable to personal information (notably the principles of accountability, determining the purposes of collection, limiting collection, consent, transparency, etc.) and to allow individuals to exercise their rights regarding the protection of personal information (including their rights to access, correct, withdraw consent, and file a complaint).
It also establishes the roles and responsibilities of everyone at Supermarché PA in relation to personal information.
To implement this policy, we have adopted the following guidelines and procedures:
| Guidelines | Procedures |
|---|---|
| Guideline on the Management of Personal Information Incidents | It establishes a process to follow in the event of an incident involving personal information. It outlines, among other things, how to report such an incident to Supermarché PA’s Privacy Officer, the process for assessing the risk of serious harm, and determining whether the incident must be reported to the appropriate authorities, to the individuals concerned, or to any other relevant authority. |
| Procedure for the Collection, Use, and Disclosure of Personal Information | It sets out the rules we must follow to collect, use, and disclose personal information in accordance with applicable legislation. It also describes the basis for valid consent. |
| Procedure for Managing Individuals’ Rights | It sets out how we must handle various requests to exercise your rights regarding personal information as provided under applicable regulations (for example, the right to access or the right to correct your personal information). |
| Complaint Procedure | It sets out the various actions we must take upon receiving a complaint from an individual regarding the collection, use, disclosure, retention, or destruction of their personal information, in order to process that complaint. |
| Document Retention Schedule | It sets out the length of time for which we must retain our documents, including your personal information. |
| Destruction Guide | It sets out the method for securely destroying personal information, regardless of the format in which it is held. |
Who does this policy apply to?
This policy applies to any person who browses the Supermarché PA website (customers, employees, suppliers, consultants, etc.).
How and when do we collect your personal information?
Our employees are the ones who collect your personal information.
Who has access to your personal information and with whom do we share it?
Only employees who need access to your information to perform their duties have access to it. However, in certain cases provided by law, we may disclose your personal information to third parties without your consent.
When we entrust your personal information to service providers so they can deliver the required services, we ensure that they use your personal information solely for the purpose of providing those services.
How long do we retain your personal information?
We keep your personal information for as long as we need to achieve the purposes for which it was collected.
For employees, we retain the information for 3 years after the employee’s departure.
What security measures do we take to protect your personal information?
We implement widely recognized security standards to protect your personal information for the entire period during which we are responsible for it (from collection to destruction).
Technological security measures
We use various tools and protocols to ensure data protection:
- Up-to-date firewalls and antivirus systems
- Secure access to our servers and internal networks (e.g., VPN access for authorized staff)
- Encryption of online communications and transactions via HTTPS to ensure information exchanged between your device and our site remains confidential
- Payment security: all card transactions are processed by our payment provider, Paysafe, which uses encryption and other industry-standard protection technologies
- Protected passwords and limited access management based on employee roles
- Regular backups and security updates for our IT systems
Physical security measures
We control access to our premises and to equipment containing personal information:
- Restricted access to offices and server rooms
- Locked filing cabinets and storage containing confidential documents
- Video surveillance systems in our stores and offices to prevent intrusions or losses
Organizational security measures
We have implemented internal practices and procedures governing the management of personal information:
- Restricted access to offices and server rooms
- Locked filing cabinets and storage containing confidential documents
- Video surveillance systems in our stores and offices to prevent intrusions or losses
We periodically review these security measures to ensure they are properly applied, remain effective, and continue to be appropriate given the evolution of our systems and available technologies.
However, it is important to note that no method of Internet transmission or electronic storage is 100% secure. We therefore cannot ensure or guarantee the absolute security of the personal information you transmit to us, meaning you do so at your own risk. We also cannot guarantee that such information will not be accessed, obtained, disclosed, modified, or destroyed as a result of breaches of our physical, technical, or administrative safeguards.
What rights do you have regarding your personal information?
In certain circumstances and in accordance with applicable privacy laws, you have the following rights:
Access to your personal information: The right to ask Supermarché PA to confirm whether we hold personal information about you and to provide you with a copy.
Withdrawal of Consent: When we have obtained your consent to process your personal information, you have the right to withdraw your consent for its use or disclosure.
Complaint: The right to file a complaint with the Commission d’accès à l’information du Québec or any other relevant privacy regulatory authority regarding the application of any legislative provision relating to access or correction of personal information.
How do we use cookies and similar technologies?
When you visit our website, certain information is automatically collected through technologies such as cookies, log files, web beacons, and pixels. These technologies allow us to:
- Recognize your device and browser during future visits
- Understand how you navigate the site and which pages you view
- Improve the site’s performance, security, and user experience
- Conduct statistical analyses and measure the effectiveness of our marketing campaigns
Cookies are small data files placed on your device or computer, often accompanied by a unique anonymous identifier. You can configure your browser to refuse cookies or to warn you when a cookie is being sent. For more information on cookies and how to disable them: www.allaboutcookies.org.
Log files record certain data related to your browsing, such as your IP address, browser type, Internet service provider, pages viewed, and the date and time of your visit..
Web beacons and invisible pixels are small electronic files that help track browsing behaviors and measure the effectiveness of displayed content..
The information collected through these technologies may, in some cases, constitute personal information. When this is the case, it is processed in accordance with this Privacy Policy..
Changes to the policy by Supermarché PA
We reserve the right, at our sole discretion, to modify this policy at any time, in whole or in part, in accordance with applicable privacy regulations.
Effective date
This policy came into effect in September 2023.
How to contact us
For questions or comments about this Policy or about personal information, the categories of people who have access to this information within Supermarché PA, the retention period of your information, how to exercise your rights, or to file a complaint, contact our Privacy Officer using one of the following methods:
By email:
info@supermarchepa.com
By mail:
Att. Privacy Officer
Nelson Dias, Director
Supermarché PA (Head Office)
5220 avenue du Parc, Montréal, QC, H2V 4G7