Privacy and Personal Information Protection Policy

PRIVACY POLICY

1. General Information

1.1 Introduction

Data privacy is important to Services actuariels SAI inc. (hereinafter referred to as the "Entity", " We", "Us", "Our"). For this reason, We have implemented safeguards and management practices for your Personal Information in accordance with applicable laws in Quebec and Canada.

This privacy policy (the "Policy"), which should be read in conjunction with Our Legal Notice, describes our practices with respect to the collection, use, processing, disclosure and retention of Personal Information of our customers, visitors and users. It applies to the Entity as a whole.

By using our websites at saiinc.ca or saisentinel.ca or saisentinel.com or ipp-rri.ca (the "Websites") or any of our services, you agree that We may collect, use, process, disclose and retain your Personal Information in accordance with the terms described herein. If you do not agree to abide by and be bound by this Policy, you are not permitted to visit, access or use Our Website or Services, or share your Personal Information with Us.

This Policy does not apply to the Personal Information of the Entity's employees, representatives and consultants, or to any other person affiliated with the Entity, as well as to any information that does not constitute Personal Information as defined by applicable laws in Quebec and Canada. 

1.2 Data Protection Officer 

Questions, comments and complaints regarding the Entity's Privacy Policy and practices may be directed to Our Data Protection Officer at:

Telephone : 514-272-5570
Email : prp@saiinc.qc.ca
Address : 430-201 Laurier Ave. East Montreal Quebec H2T 3E6

2. Definitions

The following words and expressions, when they appear with a first capital letter in the Policy, shall have the meaning ascribed below, unless otherwise implied or explicitly stated in the text.

"Service Provider" means any natural or legal person who processes Personal Information on behalf of the Entity. These are third-party companies or individuals employed by the Entity to facilitate the Services, provide the Services on behalf of the Entity, perform services related to the Services, or assist the Entity in analyzing the use of the Services.

"Personal Information" means any information that relates to a natural person and allows him or her to be identified, i.e. that directly or indirectly reveals something about the identity, characteristics (e.g., skills, preferences, psychological tendencies, predispositions, mental capacities, character and behaviour of the person concerned) or activities, regardless of the nature of the support tool and regardless of the form in which the information is accessible (written, graphic, audio, visual, computerized or otherwise).

"Data Protection Officer" means the person who is responsible for the application of this Policy and whose contact information is identified in Section 1 of this Policy.

"Services": Services refers to the Website, our social media pages, as well as the services and products related to SaiAdNet and Sentinel softwares, in addition to the IPP portal.

3. Processing of Personal Information 

3.1 Collection of Personal Information

In the course of our business, We may collect different types of Personal Information including the information listed below:

  • contact information, such as your first and last names, address, email address and telephone number, and, when applicable, your username and password;
  • information relating to Services, such as information about the Services We have rendered to you; 
  • information you choose to provide or share with Us, for example, when you fill out a form, call us or contact us on our Websites, apply for a job opening or contact one of our employees or representatives; 
  • information collected automatically when you use the Website and our Services, including: 
    • login information and other information about your activities on the Website, such as your IP address, the pages you viewed, the time and date of your visits, the number of connections, the type of browser you use, the operating system of your device, and other hardware and software information.

In each case, such Personal Information is processed in accordance with the legitimate and necessary purposes listed in section 3.2 below.

3.2 Use of Personal Information

We may use your Personal Information for the legitimate purposes described below:

  • operate, maintain, monitor, develop, improve, and offer all features of Our Website; 
  • present and/or provide Services to you;
  • provide access and log in to our SaiAdNet and Sentinel softwares, as well as the IPP portal;
  • allow you to apply for job openings; 
  • carry out our contractual obligations to you;
  • developing, improving, and offering new Services;
  • send you messages, updates, security alerts; 
  • for marketing and business development purposes, if you have previously consented to the processing of your Personal Information for those purposes;
  • answer your questions and provide you with assistance as needed; 
  • detect and prevent fraud, errors, spam, abuse, security incidents, and other harmful activities;
  • for any other purpose permitted or required by law. 

3.3 Disclosure of Personal Information

We may share your Personal Information with our employees (including human resources and IT departments), contractors, consultants, agents, Service Providers and other trusted third parties, who need the information to help Us operate Our Website, conduct Our business activities or serve you,  provided that such Service Providers have previously agreed in writing to ensure the confidentiality of your Personal Information in accordance with applicable laws and Our information governance program. 

We do not sell, trade, or otherwise disclose your Personal Information to third parties.

3.3.1 Service Providers and Other Third Parties

Although We try to avoid sharing your Personal Information with third parties, We may use Service Providers to perform various services on Our behalf, such as IT management and security, marketing, data analytics and data hosting services. We have defined below the cases in which such sharing may take place.

Before disclosing your Personal Information to Service Providers outside the province of Quebec or depending on the nature of the Personal Information disclosed, We conduct privacy impact assessments. When We disclose your Personal Information to Service Providers, We ensure that the Personal Information disclosed and provided is strictly necessary to carry out their mandate. As part of the contracts with our Service Providers, We are committed to adhering to the principles set out in this Policy. Our Service Providers are required to use Personal Information securely and confidentially, as directed by us, and only for the purposes for which it was provided.  We provide sufficient assurances that adequate safeguards are in place to commensurate with the sensitivity of the Personal Information processed or disclosed. When Our Service Providers no longer need your Personal Information, We require them to destroy that data appropriately.

3.3.2 Complying with Legislation, Responding to Legal Requests, Preventing Harm, and Protecting Our Rights

We may disclose your Personal Information where We believe such disclosure is authorized, necessary or appropriate, including: 

  • to respond to requests from public and government authorities, including public and government authorities outside your country of residence; 
  • to protect Our business; 
  • to comply with legal process; 
  • to protect Our rights, privacy, safety, property, or those of others; 
  • to allow Us to pursue available remedies or limit the damages We may sustain; and 
  • in accordance with applicable laws, including laws outside your country of residence.

3.3.3 Business Transaction

We may share, transfer or communicate, in strict accordance with this Policy and the provisions of the Act respecting the protection of personal information in the private sector, CQLR c P-39.1 (the "Private Sector Act ") and the Act to modernize legislative provisions as regards the protection of personal information, SQ 2021, c 25 (the "Bill 25") (assented to September 22, 2021), your Personal Information in the event of a sale, transfer or assignment, in whole or in part, of the Entity or Our assets (e.g., as a result of a merger, consolidation, change of control, reorganization, bankruptcy, liquidation or other business transaction, including in connection with the negotiation of such transactions). In this case, We will notify you before your Personal Information is transferred and is governed by a different privacy policy.

3.4 Consent to Personal Information

To the extent possible, the Entity obtains consent directly from the data subject to the collection, use and disclosure of their Personal Information. However, if you provide Personal Information about other individuals to Us, you must ensure that you have given them due notice that you are providing their information to Us in addition to obtaining their consent to such disclosure.

We will collect your explicit, clear, free and informed consent and identify specific purposes for which consent is required before using or disclosing your Personal Information for purposes other than those set out herein. We will also collect your explicit consent whenever sensitive Personal Information is involved in any of the Entity's processing activities. We will ask for your consent for each specific purposes in plain and clear terms, and distinctively from any other information.

BY USING OUR WEBSITES, BY SUBMITTING YOUR PERSONAL INFORMATION BY EMAIL OR OTHERMISE, YOU CONSENT TO THIS PRIVACY POLICY AND TO THE COLLECTION AND PROCESSING OF YOUR PERSONAL INFORMATION IN ACCORDANCE WITH THE PRIVACY POLICY.

If You do not consent, please stop using the Website. Except where otherwise required by law, You may withdraw your consent at any time upon reasonable notice. Please note that if You choose to withdraw your consent to the collection, use or disclosure of Your Personal Information, certain features of Our Website may no longer be available to You or we may no longer be able to offer You some of Our services.

3.5 Retention of Personal Information

Subject to applicable law, We retain your Personal Information only for as long as necessary to fulfill the purposes for which it was collected, unless you consent to your Personal Information being used or processed for another purpose. In addition, Our retention periods may be changed from time to time due to legitimate interests (e.g., to ensure the security of Personal Information, to prevent abuse and breaches, or to prosecute criminals).

For more information on the periods for which your Personal Information is retained, please contact Our Data Protection Officer using the contact information provided in section 1.2 of this Policy.

4. Your Rights

As a data subject, you may exercise the rights set out below by contacting Our Data Protection Officer in writing at the contact information provided in section 1.2 of the Policy. Please note that We may ask you to verify your identity before responding to any of these requests.

  • You have the right to be informed of the Personal Information We hold about you, its use, disclosure, retention and destruction, subject to the exceptions provided by applicable law;
  • You have the right to access your Personal Information, to request a copy, including hard copy, of the documents containing your Personal Information, subject to the exceptions provided by applicable law, and to obtain, where applicable, additional details about how we use, disclose, retain and destroy it;
  • You have the right to have the Personal Information We hold about you corrected, amended and updated if it is incomplete, ambiguous, out of date or inaccurate;
  • You have the right to withdraw or modify your consent to the Entity's collection, use, disclosure or retention of your Personal Information at any time, subject to applicable legal and contractual restrictions;
  • You have the right to ask Us to stop disseminating your Personal Information and to de-index any link to your name that provides access to that information if such disclosure would contravene the law or a court order;
  • You have the right to request that your Personal Information be disclosed to you or transferred to another organization in an accessible and commonly used technological format; 
  • The right to be notified of a privacy incident involving your Personal Information that may cause you serious harm. To this end, we maintain a register of all confidentiality incidents and assess the harm they may cause to data subjects;
  • You have the right to file a complaint with the Commission d'accès à l'information, subject to the conditions set out in applicable law.

In order to comply with your request, you may be asked to provide appropriate identification or otherwise identify yourself.

5. Cookies and Other Tracking Technologies

We use cookies and other similar technologies (collectively, "Cookies") to help us operate, protect and optimize the Website and Services We offer. Cookies are small text files that are stored on your device or browser. They collect certain information when you visit the Website, including your language preference, browser type and version, the type of device you are using, and your device's unique identifier. While some of the Cookies we use are deleted after your browser session has ended, other cookies are stored on your device or browser to allow us to recognize your connection the next time you visit the Website. The Personal Information collected through these Cookies is not intended to identify you. More precisely, they make it possible to ensure the proper functioning of the Website, to improve the browsing experience of users and to provide certain data that allows us to better understand the traffic and interactions that take place on Our Website, as well as to detect certain types of online fraud. Cookies do not cause any damage to your device and cannot be used to extract your Personal Information. We collect your IP address, information about your device and operating system or browser, your online activity relating to the Website and your browsing history on Our Website as well as your queries, browsing preferences (the languages used), etc.

You can configure your browser so that you are informed about Cookies’ settings when you visit the Website, allowing you to decide, on a case-by-case basis, whether to accept or refuse the use of some or all Cookies. Please be aware that disabling Cookies in your browser may adversely affect your browsing experience on the Website and prevent you from using some of its features.

To find out more about how we use Cookies, you can see Our "Cookies Policy".

6. Security Measures

The Entity has implemented physical, technological and organizational security measures to adequately protect the confidentiality and security of your personal information against loss, theft or any unauthorized access, disclosure, copying, communication, use or modification. These measures include, but are not limited to:

On the administrative side, the adoption of a series of policies and procedures as part of the implementation of Our information governance program, including:

  • regulate the access, communication, retention, de-identification, including anonymization and/or, where applicable, destruction of Personal Information;
  • determine the roles and responsibilities of Our employees throughout the life cycle of Personal Information and documents;
  • establish procedures in regard to confidentiality incidents;
  • govern the process of requests and complaints relating to the protection and processing of Personal Information.

On the technical level, the use of several means such as:

  • the use of a secure server. All sensitive information provided is transmitted via Secure Socket Layer (SSL) technology and then encrypted in Our payment gateway provider database only to be accessed by authorized persons with limited access rights to such systems, which are required to keep the information confidential;
  • the use of backup systems, network monitoring software, etc.;
  • the use of encryption and segregation of duties, access controls and internal audits.

We have not exhaustively listed the set of measures we are putting in place given the public nature of this Policy.

Despite the measures described above, We cannot guarantee the absolute security of your Personal Information. If you have reason to believe that your Personal Information is no longer protected, please contact Our Data Protection Officer immediately using the contact information provided in section 1.2 above.

7. Changes to this Privacy Policy

We reserve the right to change this Policy at any time in accordance with applicable law. If We make any changes, We will post the revised Privacy Policy and update the date in the footer of the Privacy Policy. We will also notify you of the effective date of the new version of Our Policy in case of substantial modifications. If you do not agree to the new terms of the Privacy Policy, please cease using Our Website and Services. If you continue to use Our Website or Services after the new version of Our Policy comes into effect, then your use of Our Website and Services will be governed by the new version of the Policy.

8. Links to Third-Party Websites

From time to time, We may include references or links to Our Facebook page, websites, products or services provided by third parties (the "Third-Party Services") on Our Website. These Third-Party Services, which are not operated or controlled by the Entity, are governed by privacy policies that are entirely separate and independent from ours. We therefore assume no responsibility for the content and activities of these sites. This Policy applies only to the Website and the Services offered by Us.

9. Individuals Under the Age of 14

We do not knowingly collect or use Personal Information from anyone under the age of 14. If you are under the age of 14, you should not provide Us with your Personal Information without the consent of your parents or guardian. If you are a parent or guardian and you become aware that your child has provided Personal Information to Us without consent, please contact Us using the contact information provided in section 1.2 above to request that We delete that child's Personal Information from Our systems.

10. Applicable Laws

The laws of Canada and Quebec, excluding conflict of law rules, will govern this Agreement and your use of the Website. Your use of the Website may also be subject to other local, provincial, national or international laws.

TERMS OF USE

Use of the SAI Actuarial Services Inc. and Sentinel websites as well as our companies’ information are subject to the terms set out below. We therefore ask you to read these carefully before using our websites. If you access our websites, you hereby accept these terms.

1. Copyright

With respect of the foregoing terms, it is permissible to copy, download, print, replicate, publish, translate, display, transmit, distribute, or broadcast any material from the website without permission or cost from us provided that such materials are used solely for personal information and that the mention of the source of the information is properly quoted. Beyond this limited scope to print content, you may not copy, download, print, reproduce, publish, translate, display, transmit, redistribute, or rebroadcast any content from our sites in any form or by any means or, without our prior written authorization.

2. Trademarks 

The name SAI Actuarial Services Inc. and the expressions and logos used and displayed on our sites are strictly the property of SAI Actuarial Services Inc. You may not copy, reproduce or download any Trademark of SAI Actuarial Services Inc. without our prior written consent.

3. Your access 

Our pension administration software which is called SaiAdNet allows several different categories of users to access plan data through a secure website.

Some sections of our websites are restricted. If you have permission to access any of these sections, you are entirely responsible for keeping your username and password confidential. It is strictly forbidden to communicate or transmit in any way or form your username and password to anyone without our prior authorization.

In the event of unauthorized access to the restricted sections of our websites, we will take all legal actions to cease and desist such transgressions and request the recovery of all damages suffered directly and indirectly by this illegal act.

When cookies allow to identify users, the data collected is considered personal information. Cookies can be used to either personalize the website according to the preferences of the user or to analyze how the user navigates through our websites.

Contact 

If you have any questions or concerns regarding the Privacy Policy or SAI Actuarial Services’ practices related to the protection of personal information and data information, please contact our privacy officer at 514-272-5570 or by email at : prp@saiinc.qc.ca