top of page

Confidentiality Policy

Purpose

This Confidentiality Policy outlines Art Systems Canada's commitment to protecting personal information in compliance with Quebec’s Act respecting the protection of personal information in the private sector (Law 25). It ensures that personal information collected, used, or disclosed is safeguarded in accordance with applicable laws.
 

Scope

This policy applies to all employees, contractors, and third parties who handle personal information on behalf of Art Systems Canada in Quebec or involving Quebec residents.
 

Definitions

  • Personal Information: Any information relating to an identifiable individual, as defined under Quebec's Law 25.

  • Confidentiality Incident: Any unauthorized access, use, disclosure, or loss of personal information.
     

Policy Statements
1. Collection of Personal Information

Art Systems Canada collects personal information only when necessary for service purposes, such as account opening or credit information. Consent is obtained explicitly, in accordance with Law 25, before or at the time of collection, unless an exception applies (e.g., legal obligations).

We collect only the information necessary for the purposes defined below, including:

  • Full name, job title, and contact information (email, phone, address)

  • Company information related to services provided

  • Device identifiers (IP address, MAC address)

  • Information required for technical support or service contracts

  • Data related to service usage and diagnostics (logs, support tickets).

Collection Methods:

  • Through forms on our website

  • During service delivery and technical support

  • Via communications (emails, phone calls)

  • Through our monitoring and managed service tools

2. Use and Disclosure

Personal information is used solely for the purposes identified at collection or as permitted by Law 25. Disclosure to third parties occurs only with consent or when required by law, and recipients are bound by confidentiality agreements to preserve data protection.

Personal information is used for the following purposes:

  • To deliver and manage IT services and support

  • To maintain service agreements and business relationships

  • To secure systems and detect unauthorized access

  • To respond to service requests or inquiries

  • To comply with legal obligations and internal audit requirements
     

We will not use your information for purposes other than those stated unless we obtain your explicit consent.

3. Data Security

Art Systems Canada implements strict security measures, including data encryption, to protect personal information against unauthorized access or confidentiality incidents. These measures align with Law 25’s requirements for safeguarding data.

We implement robust technical and administrative safeguards to protect personal information, including:

  • Encrypted backups

  • Role-based access controls

  • Firewall and antivirus protection

  • Regular audits and monitoring

  • Employee confidentiality agreements and training

4. Privacy Impact Assessments (PIAs)

As required by Law 25, Art Systems Canada conducts PIAs for clients projects involving personal information, particularly when transferring data outside Quebec. PIAs assess risks and ensure compliance with privacy obligations.

We do not sell or rent personal information. We may share it with:

  • Authorized employees and subcontractors who require access to fulfill their roles

  • Cloud service providers (e.g., Microsoft, backup providers), only where necessary and under strict confidentiality agreements

  • Legal authorities, if required by law

All third parties are contractually obligated to safeguard the data in accordance with Law 25.

5. Confidentiality Incidents

In the event of a confidentiality incident, Art Systems Canada will:

  • Assess the risk of harm to affected individuals.

  • Notify the Commission d’accès à l’information and affected individuals if the incident presents a risk of serious harm, as mandated by Law 25.

  • Maintain a register of all incidents for 5 years.
     

6. Data Retention and Destruction

Personal information is retained only as long as necessary for service purposes or as required by law. Once no longer needed, data is securely destroyed or anonymized using unrecoverable digital methods or by an external certified company for standard documents and folders.
 

7. Individual Rights

Under Law 25, Quebec residents have the right to:

  • Access their personal information held by Art Systems Canada.

  • Request corrections to inaccurate or incomplete data.

  • Withdraw consent for the use or disclosure of their information, subject to legal restrictions. Requests are processed within 30 days, as required by law.
     

8. Third-Party Data Sharing

When personal information is shared with third parties, Art Systems Canada ensures compliance with Law 25 through confidentiality agreements. Data transfers outside Quebec are subject to confidentiality assessments to ensure equivalent protection.
 

9. Training and Awareness

All employees and relevant stakeholders receive annual training on Law 25 compliance and data protection practices to ensure adherence to this policy.
 

10. Policy Governance

The Chief Privacy Officer is responsible for overseeing compliance with this policy and Law 25. The policy is reviewed annually to reflect legislative changes or organizational needs.
 

Contact Information

For questions, requests, or complaints regarding personal information,
contact: Marie-Josée Laplante
Email: MJLaplante@art-systems.net
Tel.: 1 514 279-7754
 

Effective Date

This policy is effective as of July 2023 and was last updated on Sept 2024.

Send us a message
 and we’ll get back to you shortly.

20 + Years
Experts
Services

Montreal (514) 279-7754

Toronto : (647) 313-1373

Calgary : (403) 879-1244

Copyright © 2003-2025
Art Systems Canada Inc.

bottom of page