Contact us

Personal Information and Confidentiality Policy

Personal Information and Confidentiality Policy

1. Context

Lepage Millwork's core business is not in the field of personal data. Therefore, Lepage Millwork will not analyze or process your data beyond what is necessary in order for us to provide you with high quality services and products. This means that we do NOT use your data to monitor or profile you beyond what is necessary for our business activities.

The purpose of this policy is to ensure the protection of personal information and to govern the manner in which Lepage Millwork collects, manages, uses, communicates, retains and destroys such personal information. This policy is intended to inform all of Lepage Millwork’s stakeholders of the way the company handles their personal information. It also covers the processing of personal information collected by Lepage Millwork through technological tools and processes.

2. Application and Definitions

This policy applies to Lepage Millwork, including but not limited to its officers, employees, consultants, volunteers, and any person who otherwise provides services on behalf of Lepage Millwork. It also applies to Lepage Millwork's website, as well as to all websites controlled and maintained by Lepage Millwork, as the case may be.

It applies to all types of personal information managed by Lepage Millwork, such as information of its clients, potential or actual, its consultants, its employees, its members or any other person (such as visitors to its websites or otherwise).

For the purpose of this policy, personal information relates to any information about an individual that, directly or indirectly, allows the identification of that individual. For example, it could include a person's name, address, e-mail address, telephone number, gender, banking information, health information, ethnic origin, language, etc.

Sensitive personal information relates to information towards which there is a high reasonable expectation of privacy, e.g. health information, banking information, biometric information, sexual orientation, ethnic origin, political opinions, religious or philosophical beliefs, etc.

On a general basis, an individual's professional or business contact information does is not considered personal information. More specifically, as part of Quebec's Act respecting the protection of personal information in the private sector, and as of September 22, 2023, sections 3 (collection, use, communication), 4 (retention and destruction) and 6 (data security) do not apply to any information on an individual relating to the exercise of its business functions, such as name, title, function, as well as the address, e-mail address and telephone number of the individual's workplace.

These same paragraphs do not apply to personal information that is of public nature by law, as of the effective date of this policy.

3. Collection, Use and Communication

Most services, including the access to our websites, as week as the products we offer, require us to collect only a limited amount of data. In such cases, we will ask you to provide us with your name, a means of contacting you (such as a telephone number or e-mail address) and, where applicable, a postal address or other form of geolocation; all of this in the purpose of delivering of our products or our services.

If you subscribe to one of our newsletters or request to receive marketing materials and information about our products and services, we will need your name, e-mail address and details of your interests so that we can provide you with the relevant information. The same data will be required if you request more information about our products and services at events, such as trade shows, or if you contact us by phone.

If you are a current or potential business partner, we collect basic data about the people with whom we communicate, such as their names, titles and contact details. 

If you apply for a job with Lepage Millwork, we will collect the data you provide us with through our websites or any other form of communication, such as your resume and any forms you may fill out. 

Lepage Millwork will also inform all individuals, at the time of collection of personal information, of any other information being collected, the purposes for which it is being collected and the means of collection, in addition to any other information to be provided as required by law.

Lepage Millwork applies the following guiding principles to the collection, use and disclosure of personal information:

Consent:

Collection:

In certain instances, Lepage Millwork may also collect personal information from third parties, without the consent of the person concerned, if there is a serious and legitimate interest in doing so and a) if the collection is in the interest of the person and it is not possible to collect it from him or her in a timely manner, or b) if such collection is necessary to ensure that the information is accurate.

This collection through third parties may be necessary in order to use some of Lepage Millwork’s products or services, or to do business with Lepage Millwork. When required, Lepage Millwork will obtain consent from the individual at the appropriate time.

Storage and Use:

Communication:

Disclosure outside Quebec

Personal information held by Lepage Millwork may be disclosed outside Quebec, for example, when Lepage Millwork uses cloud service providers whose server(s) are located outside Quebec or when Lepage Millwork deals with subcontractors located outside the province.

Additional information on the technologies used:

Use of cookies

Cookies are data files sent to a website visitor's computer by his Web browser when he or she visits the site and can serve several purposes.

Websites controlled by Lepage Millwork use cookies, in particular:

Websites controlled by Lepage Millwork use the following types of cookies:

Usage of Google Analytics

Some of Lepage Millwork's websites use Google Analytics for continuous improvement purposes. In particular, Google Analytics makes it possible to analyze how a visitor interacts with a Lepage Millwork website. Google Analytics uses cookies to generate statistical reports on the visitors’ behaviour on these websites and the content consulted.

Information from Google Analytics will never be shared by Lepage Millwork with third parties.

Other technologies used

Lepage Millwork also collects personal information through technological means such as web forms integrated into a website controlled by Lepage Millwork (for example, its contact form) as well as other platforms or form tools (e.g., Microsoft Forms).

If Lepage Millwork collects personal information by offering a technological product or service that has privacy settings, Lepage Millwork must ensure that these settings offer the highest level of privacy by default (cookies are not covered).

4. Conservation and Destruction of Personal Information

Unless a minimum retention period is required by applicable law or regulation, Lepage Millwork shall retain personal information only for as long as necessary to fulfill the purposes for which it was collected.

Personal information used by Lepage Millwork to make a decision about an individual must be retained for a period of at least one year following the said decision or, if there is tax implications, up to seven years after the end of the fiscal year in which the decision was made.

At the end of the retention period or when the personal information is no longer required, Lepage Millwork will:

  1. destroy it; or
  2. anonymize it (i.e., it no longer irreversibly identifies the individual and it is no longer possible to establish a link between the individual and the personal information) in order to use it for serious and legitimate purposes. The destruction of information by Lepage Millwork must be done in a secure manner to ensure the protection of this information.

This section may be supplemented by any policies or procedures adopted by Lepage Millwork regarding the retention and destruction of personal information, if any. Please contact Lepage Millwork's Privacy Officer (identified in this policy) for further information.

5. Responsibilities of Lepage Millwork

In general, Lepage Millwork is responsible for the protection any personal information it holds.

Lepage Millwork's Privacy Officer is the Information Technology Director (IT Director). In general, the IT Director is responsible for maintaining compliance with applicable legislation regarding the protection of personal information. The IT Director must approve the policies and practices governing the governance of personal information. More specifically, this person is responsible for implementing this policy and ensuring that it is known, understood and applied. In the event of the absence or inability of the Privacy Officer, Lepage Millwork's Human Resources Director will assume the duties of the Privacy Officer.

Lepage Millwork employees who have access to personal information or who are involved in the management of the company must ensure protection of personal information and comply with this policy.

The roles and responsibilities of Lepage Millwork's employees throughout the life cycle of personal information may be specified by any other Lepage Millwork policy in this regard, if applicable.

6. Data Security

Lepage Millwork is committed to implementing reasonable security measures to ensure the protection of personal information under its control. The security measures in place correspond, among other things, to the purpose, quantity, distribution and sensitivity of the information. This means that information that may be considered sensitive (see definition in section 2) will require more stringent security measures and greater protection. In particular, and in accordance with what was mentioned above regarding limited access to personal information, Lepage Millwork must put in place the necessary measures to constrain the rights of use of its information systems so that only employees who need to have access to personal information are authorized to access it.

7. Rights of Access, Rectification and Withdrawal of Consent

To exercise his or her right of access, rectification or withdrawal of consent, the person must submit a written request to Lepage Millwork's Privacy Officer, at the e-mail address indicated in the following section.

Subject to certain legal restrictions, individuals may request access to their personal information held by Lepage Millwork and request its correction if it is deemed inaccurate, incomplete or equivocal. They may also demand that the sharing of their personal information cease, or that any hyperlink attached to their name allowing access to this information by a technological means be deactivated, when the dissemination of this information contravenes the law or a court order. They may do the same, or require that the hyperlink providing access to this information be reactivated, when certain conditions provided for by law are met.

Lepage Millwork's Privacy Officer must respond in writing to such requests within 30 days from the date of the request. Any refusal must be justified and accompanied by the legal provision justifying the refusal. In such cases, the reply must indicate the remedies available under the law and the time limit for exercising them. The person in charge must help the applicant understand the refusal if necessary.

Subject to applicable legal and contractual restrictions, the persons concerned may withdraw their consent to the communication or use of the information collected.

They may also ask Lepage Millwork what personal information has been collected from them, what categories of people at Lepage Millwork have access to it and how long it will be kept.

8. Complaints Handling Process

Reception:

Any person who wishes to make a complaint regarding the application of this policy or regarding the protection of his or her personal information by Lepage Millwork, must do so in writing to Lepage Millwork's Privacy Officer at the e-mail address indicated in the following section.

The person must provide his or her name, contact information, including a telephone number, as well as the subject of the complaint and the reasons for the complaint, in sufficient detail for the complaint to be evaluated by Lepage Millwork. If the complaint is deemed incomplete or inaccurate, the Privacy Officer may request any additional information he or she deems necessary to assess the complaint.

Treatment:

Lepage Millwork will treat all complaints received confidentially.

Within 30 days following the receipt of the complaint or following the receipt of all additional information deemed necessary and required by Lepage Millwork's Privacy Officer in order to process the complaint, the latter shall evaluate the complaint and formulate a written response by e-mail to the complainant. The purpose of this assessment will be to determine whether Lepage Millwork's handling of personal information complies with this policy, any other policies and practices in place within the organization and applicable legislation or regulations.

In the event that the complaint can’t be processed within this timeframe, the complainant shall be informed of the reasons for the extension, the status of the processing of the complaint and the reasonable time required to provide a final response.

Lepage Millwork shall keep a separate file for each complaint it receives. Each file contains the complaint, the analysis and documentation supporting its assessment, as well as the response sent to the person who submitted the complaint.

9. Approval

This policy is approved by Lepage Millwork's Privacy Officer, whose business contact information is as follows:

Privacy Officer:

c/o Personal Information and Confidentiality Officer
141 Chemin des Raymond,
Rivière-du-Loup (Québec) G5R 4L9
Email: confidentialite@lepagemillwork.com

For all requests, questions or comments regarding this policy, please contact the Privacy Officer by e-mail.

10. Publication and Modifications

This policy is published on Lepage Millwork's website, as well as on all websites controlled and maintained by Lepage Millwork, to which this policy applies, with respect to the personal information collected therein. This policy is also disseminated by any means suitable to reach the persons concerned.
We reserve the right to update this Policy at any time. The most recent version of the Policy may be consulted by visiting our website. Your use of our website may also be subject to additional terms described in the Terms of Use and elsewhere on the website.

*Notes: Please note that the use of the masculine gender is intended to lighten this policy and make it easier to read.

 Last update: September 27, 2023