North American Cabinets

705 rue Pope
Cookshire-Eaton (Québec) J0B 1M0
Canada

1 866 551-1622

Privacy Policy

Data Protection, Privacy, Records Management, and IT Equipment Usage Policy

Purpose of the Policy

The purpose of this policy is to ensure the protection of personal and confidential data processed by 9159-7500 Québec Inc. (hereinafter referred to as NAC) in compliance with applicable laws, including the General Data Protection Regulation (GDPR) and local privacy legislation.

Scope

This policy applies to all employees and stakeholders of NAC who have access to personal or confidential data as part of their work and/or use a company-provided computer.

Data Collection and Use

All personal data must be collected legally, transparently, and in compliance with the law. Personal data is collected solely for specific, explicit, and legitimate purposes. Any further use incompatible with these purposes is prohibited without prior consent. Only relevant and necessary data should be collected. Computers provided by NAC must not be used for personal purposes. Usage time is monitored by the company and must align with working hours.

Physical Records Management

All physical records must remain on company premises. Employees authorized for remote work may digitize necessary documents or use information available on the network.

Data Protection and Security

Access to personal and confidential data is strictly limited to authorized personnel. NAC implements appropriate technical and organizational measures to ensure data security, including encryption, firewalls, and password-protected access. In case of a data breach, the company commits to notifying the relevant authorities within legal timeframes and informing affected individuals if necessary.

Rights of Data Subjects

Individuals whose data is processed have the following rights:

Right of Access: Request a copy of their personal data.
Right to Rectification: Request correction of inaccurate data.
Right to Erasure: Request deletion of their data under certain conditions.
Right to Data Portability: Request transfer of their data to another controller.
Right to Object: Refuse certain types of data processing.

Data Retention Period

Personal data is retained only for as long as necessary for the purposes for which it was collected, in compliance with legal and regulatory requirements.

Training and Awareness

NAC provides continuous training to its employees to ensure they understand their obligations regarding data protection and privacy. An awareness program is implemented to promote best practices.

Responsibility

Each employee must comply with this policy. Any violation may result in disciplinary actions, up to termination of employment.

Policy Updates

This policy is reviewed periodically to ensure compliance with legislative and regulatory changes.

Effective Date: October 16, 2024

Data Protection Officer (DPO): Stéphanie Carrier