Privacy Policy

The purpose of this policy is to ensure the protection of personal information and to define the procedures for the collection, use, disclosure, retention, destruction, and management of information by ApothicAri, including management, employees, suppliers, etc. In addition, it aims to inform all individuals concerned about the processing of their personal information by ApothicAri, whether they are customers, employees, or any other individuals.

LIABILITY

ApothicAri assumes full responsibility for protecting the personal information under its control. The information collected, used, disclosed, stored, or destroyed is governed by this policy with the aim of protecting the privacy of all individuals.

To ensure optimal protection of personal information, the person responsible for information protection at ApothicAri must:

Oversee and review internal practices and procedures for handling personal information and compliance with current laws;
Suggest measures to ensure the ongoing protection of personal information that are consistent with privacy impact assessments;
Implement the necessary measures within the company to ensure the protection of information;
Ensure compliance and staff training in best practices for protecting personal information.
Coordinate, investigate, and respond to requests and complaints related to the protection of personal information;
Communicate with the person(s) concerned and the Commission d'accès à l'information (CAI) in the event of a data leak or any incident;
Keep a record of incidents relating to personal data.

Protecting personal information is everyone's business. No reprisals may be taken against an individual who files a complaint relating to the protection of personal information or participates in an investigation by the CAI.

COLLECTION OF PERSONAL INFORMATION

The personal information collected enables ApothicAri to perform its functions and conduct its business in accordance with applicable laws and standards. ApothicAri collects personal information only if it is necessary and for specific, predefined purposes. Personal information is collected directly from the individual concerned and with their consent, unless an exception is provided for by law.

Appendix A contains a non-exhaustive list of the information collected and the intended use of the data. Most of the personal information collected concerns employees in order to meet the company's legal obligations. The disclosure of personal information about other individuals may be requested in order to assist employees in an emergency, for example. It is the responsibility of employees to obtain their consent before providing us with their contact details.

With regard to customer information, data is provided to feed into our CRM, contracts, and billing, but it is mostly professional or business information such as email and phone numbers for contacting them or payment methods for services rendered. Payment information is entered into the CRM by the customer whenever possible and is hidden from other members of the company to ensure confidentiality. For customers who have filled out a form with their credit card or business or professional bank account number, the data is only accessible to a small number of employees, such as administration and owners, for processing purposes.

CONSENT AND ACCURACY OF PERSONAL INFORMATION

ApothicAri ensures that personal information is collected for legitimate, clear, and specific purposes and with the free and informed consent of the individual. Consent is required for any collection, use, or disclosure of personal information. Before collecting personal information, we will obtain your informed consent in writing and separately, providing you with clear details about the purpose of the collection and how the information will be used. Your consent is essential to ensuring the protection of your personal data.

LIMIT ON THE USE OF PERSONAL INFORMATION

We collect and use your personal information only when necessary and for the purposes for which consent has been obtained. ApothicAri must provide certain information in order to comply with legal and regulatory verification processes and requirements. Use may vary, but could include various purposes as illustrated in Appendix A.

Information may be disclosed to third parties to the extent necessary for the purposes of the activities listed in Appendix A. ApothicAri cannot be held responsible for the behavior and use of such information by third parties.

Personal information will not be used or disclosed for purposes other than specific purposes unless required by law.

PROTECTION OF YOUR PERSONAL INFORMATION

ApothicAri takes all reasonable precautions and has implemented significant physical and technical measures to prevent unauthorized or illegal use of and access to personal information. The measures in place include, among others:

Use of information only when necessary;
Ensure the confidentiality and protection of personal information that a person has become aware of in the course of their duties, unless authorized to disclose it by the person concerned.
Protection of files with selective and limited access to authorized persons;
Securing access to offices with door locks and access codes;
Secure shredding of paper files;
Two-factor authentication for all logins on platforms;
Immediate withdrawal of access following the end of a business relationship.

All individuals are required to contribute to the protection of personal information. If you suspect that sensitive information has been compromised, you must immediately notify the person responsible for protecting personal information.

HOW LONG WE KEEP YOUR PERSONAL INFORMATION

ApothicAri undertakes to comply with the minimum retention periods specified for each category of personal information and applicable laws. However, if the information collected is no longer useful to Prosomo and its retention is neither necessary nor mandatory under the various legislative frameworks, it will be destroyed, erased, or converted so as to remain anonymous.

COMMITMENT TO TRANSPARENCY

ApothicAri is committed to being transparent about the processing, procedures, and purposes of use that govern personal information from customers, employees, interns, and business partners.

ACCESS TO YOUR PERSONAL INFORMATION

An individual may request access to personal information concerning them and the means used to collect it. Depending on the content of the individual's file, exceptions may apply, such as personal information concerning others, but the individual will be informed of this. If the information in the file is inaccurate, the individual concerned may request that it be corrected.

To consult, withdraw, and/or modify your personal information, you may write toinfo@apothicari.ca. You may withdraw your consent to the disclosure of your personal information at any time. A written request must be submitted to the privacy officer at info@apothicari.ca. A response will be provided within 30 days of receipt. When it is not possible to share the requested information, legal justification and support must be provided to the requester to support the decision.

FILE A COMPLAINT

A person who believes that their personal information has been collected, retained, used, disclosed, or destroyed in a manner that does not comply with the provisions of this policy may file a confidential complaint with the Privacy Officer at info@apothicari.ca. The individual must provide their name, contact information, including a phone number, and the subject and reasons for the complaint. Sufficient details must be provided so that the complaint can be properly assessed. A response will be provided within 30 days of the date of receipt of the complaint. If the complaint is insufficiently specific, the Privacy Officer may request any additional information deemed necessary to assess the complaint. The Privacy Officer will investigate complaints received, minimize damage, and take the necessary corrective measures.

It is also possible to file a complaint with the Commission d’accès à l’information du Québec (Quebec Access to Information Commission). However, ApothicAri encourages those concerned to first contact the privacy officer and wait for the conclusion of the planned processing procedure.

APPROVAL

This policy has been approved by the Chief Privacy Officer at ApothicAri.

Privacy Officer:
91 St-Croix Road
Baie-St-Paul, QC
G3Z 1A4
info@apothicari.ca

For any requests, questions, or comments regarding this policy, please contact the person in charge by email.

APPENDIX A

Persons concerned	Categories of information	Types of information	Purposes for which information is retained
Employees	Allocation	Recruitment-related information, such as a resume, educational and professional background information, and details about previous employers for employment verification for potential recruitment.	Internal management (evaluation of applications)
Employees	Hiring (Employees and internships)	Information to be included in the employee file, such as first and last name, contact details, SIN, remuneration, banking information, employment or internship contract, emergency contacts, etc.	Internal management (payroll operations, legal obligations, CNESST, RRSPs, pay equity, performance management, etc.)
Customers and suppliers	Accounting management system, CRM, and project management	Information relating to services requested and/or provided. Billing and financial information, such as a billing address, bank account information, or payment details.	Internal management (IT services, cybersecurity, billing, project management, communication management, information gathering within the framework of a program, contract, and service agreement)

Privacy Policy

Menu

Contact

Menu

Contact

Stay informed